diff options
author | Dries Buytaert <dries@buytaert.net> | 2010-01-14 18:45:17 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-01-14 18:45:17 +0000 |
commit | f818dfe90847f350167055f6207befdc2e4e0f14 (patch) | |
tree | 69dbd521a79b971912f53bca339fa5060c62cbb8 /install.php | |
parent | 913f2c3a3e3ed55b33f2fffeeec407520aa5d62a (diff) | |
download | brdo-f818dfe90847f350167055f6207befdc2e4e0f14.tar.gz brdo-f818dfe90847f350167055f6207befdc2e4e0f14.tar.bz2 |
- Patch #590656 by pwolanin, Pasqualle: harden one-time login links against vulnerability from disclosure of SQL backups, or SQL 'SELECT' injection.
Diffstat (limited to 'install.php')
-rw-r--r-- | install.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/install.php b/install.php index 0b9dddd87..f4da1bb55 100644 --- a/install.php +++ b/install.php @@ -1002,6 +1002,10 @@ function install_settings_form_submit($form, &$form_state) { 'value' => $form_state['values']['db_prefix'], 'required' => TRUE, ); + $settings['drupal_hash_salt'] = array( + 'value' => sha1(drupal_random_bytes(64)), + 'required' => TRUE, + ); drupal_rewrite_settings($settings); // Indicate that the settings file has been verified, and check the database // for the last completed task, now that we have a valid connection. This |