From 71713081a2b79b0baa024742cdbb4af536f77f4b Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Sat, 1 May 2010 08:12:23 +0000
Subject: - Patch #723802 by pwolanin, grendzy: convert to sha-256 and hmac from md5 and sha1.
---
 modules/aggregator/aggregator.install | 7 ++++---
 modules/aggregator/aggregator.module | 8 ++++----
 modules/aggregator/tests/aggregator_test.module | 2 +-
 modules/book/book.admin.inc | 2 +-
 modules/book/book.module | 2 +-
 modules/color/color.module | 2 +-
 modules/field/tests/field.test | 4 ++--
 modules/field/tests/field_test.module | 4 ++--
 modules/file/file.module | 2 +-
 modules/filter/filter.install | 2 +-
 modules/filter/filter.module | 2 +-
 modules/image/image.module | 8 ++++----
 modules/image/image.test | 2 +-
 modules/locale/locale.install | 9 ++++++++-
 modules/menu/menu.test | 6 +++---
 modules/simpletest/drupal_web_test_case.php | 2 +-
 modules/simpletest/tests/actions.test | 6 +++---
 modules/simpletest/tests/registry.test | 24 +++++++++++++-----------
 modules/system/system.admin.inc | 4 ++--
 modules/system/system.install | 4 ++--
 modules/trigger/trigger.admin.inc | 5 +++--
 modules/trigger/trigger.test | 22 +++++++++++-----------
 modules/update/update.fetch.inc | 2 +-
 modules/user/user.module | 3 +--
 modules/user/user.pages.inc | 2 +-
 modules/user/user.test | 2 +-
 26 files changed, 74 insertions(+), 64 deletions(-)
(limited to 'modules')
diff --git a/modules/aggregator/aggregator.install b/modules/aggregator/aggregator.install
index bad9bac5a..43fcf8119 100644
--- a/modules/aggregator/aggregator.install
+++ b/modules/aggregator/aggregator.install
@@ -170,10 +170,10 @@ function aggregator_schema() {
 ),
 'hash' => array(
 'type' => 'varchar',
- 'length' => 32,
+ 'length' => 64,
 'not null' => TRUE,
 'default' => '',
- 'description' => 'Calculated md5 hash of the feed data, used for validating cache.',
+ 'description' => 'Calculated hash of the feed data, used for validating cache.',
 ),
 'etag' => array(
 'type' => 'varchar',
@@ -275,7 +275,7 @@ function aggregator_schema() {
 * Add hash column to aggregator_feed table.
 */
 function aggregator_update_7000() {
- db_add_field('aggregator_feed', 'hash', array('type' => 'varchar', 'length' => 32, 'not null' => TRUE, 'default' => ''));
+ db_add_field('aggregator_feed', 'hash', array('type' => 'varchar', 'length' => 64, 'not null' => TRUE, 'default' => ''));
 }
 /**
@@ -297,3 +297,4 @@ function aggregator_update_7002() {
 ));
 db_add_index('aggregator_feed', 'queued', array('queued'));
 }
+
diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module
index b6cf40c3b..172361a2b 100644
--- a/modules/aggregator/aggregator.module
+++ b/modules/aggregator/aggregator.module
@@ -614,12 +614,12 @@ function aggregator_refresh($feed) {
 list($fetcher, $parser, $processors) = _aggregator_get_variables();
 $success = module_invoke($fetcher, 'aggregator_fetch', $feed);
- // We store the md5 hash of feed data in the database. When refreshing a
+ // We store the hash of feed data in the database. When refreshing a
 // feed we compare stored hash and new hash calculated from downloaded
 // data. If both are equal we say that feed is not updated.
- $md5 = md5($feed->source_string);
+ $hash = hash('sha256', $feed->source_string);
- if ($success && ($feed->hash != $md5)) {
+ if ($success && ($feed->hash != $hash)) {
 // Parse the feed.
 if (module_invoke($parser, 'aggregator_parse', $feed)) {
 // Update feed with parsed data.
@@ -630,7 +630,7 @@ function aggregator_refresh($feed) {
 'link' => empty($feed->link) ? $feed->url : $feed->link,
 'description' => empty($feed->description) ? '' : $feed->description,
 'image' => empty($feed->image) ? '' : $feed->image,
- 'hash' => $md5,
+ 'hash' => $hash,
 'etag' => empty($feed->etag) ? '' : $feed->etag,
 'modified' => empty($feed->modified) ? 0 : $feed->modified,
 ))
diff --git a/modules/aggregator/tests/aggregator_test.module b/modules/aggregator/tests/aggregator_test.module
index 46521995f..0e67bbf59 100644
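Review bot: Widening the column by editing `aggregator_update_7000()` in place does nothing for a site that already ran that update, which keeps a 32-character `hash` column while `aggregator_refresh()` now stores a 64-character SHA-256 hex digest. Depending on the database the value is then truncated or rejected, so the stored and computed hashes would presumably never match and every refresh would re-parse the feed. locale.install in this same commit handles the identical widening with a new `locale_update_7002()`; the aggregator table likely needs the equivalent in a new numbered update, `db_change_field('aggregator_feed', 'hash', 'hash', array('type' => 'varchar', 'length' => 64, 'not null' => TRUE, 'default' => ''));`. If pre-release Drupal 7 schemas are deliberately unsupported, a comment saying so on the update would settle it.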
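Review bot: The changed condition `if ($success && ($feed->hash != $hash)) {` in aggregator_refresh() still compares the two digests with loose `!=`. PHP compares numeric-looking strings numerically, so two different hex digests that both read as numbers (for example `0e` followed only by digits) are treated as equal and a changed feed would be skipped. The odds are tiny for SHA-256 and the only effect here is a missed refresh, but strict comparison removes the edge case: `if ($success && ($feed->hash !== $hash)) {`. The body of aggregator_refresh() continues outside the hunk.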
--- a/modules/aggregator/tests/aggregator_test.module
+++ b/modules/aggregator/tests/aggregator_test.module
@@ -25,7 +25,7 @@ function aggregator_test_menu() {
 */
 function aggregator_test_feed($use_last_modified = FALSE, $use_etag = FALSE) {
 $last_modified = strtotime('Sun, 19 Nov 1978 05:00:00 GMT');
- $etag = md5($last_modified);
+ $etag = drupal_hash_base64($last_modified);
 $if_modified_since = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) : FALSE;
 $if_none_match = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? stripslashes($_SERVER['HTTP_IF_NONE_MATCH']) : FALSE;
diff --git a/modules/book/book.admin.inc b/modules/book/book.admin.inc
index 02a45b24c..8d67dc323 100644
--- a/modules/book/book.admin.inc
+++ b/modules/book/book.admin.inc
@@ -154,7 +154,7 @@ function _book_admin_table($node, &$form) {
 $tree = book_menu_subtree_data($node->book);
 $tree = array_shift($tree); // Do not include the book item itself.
 if ($tree['below']) {
- $hash = sha1(serialize($tree['below']));
+ $hash = drupal_hash_base64(serialize($tree['below']));
 // Store the hash value as a hidden form element so that we can detect
 // if another user changed the book hierarchy.
 $form['tree_hash'] = array(
diff --git a/modules/book/book.module b/modules/book/book.module
index ab09be7c7..f7f2219e8 100644
--- a/modules/book/book.module
+++ b/modules/book/book.module
@@ -1273,7 +1273,7 @@ function book_menu_subtree_data($link) {
 $data['node_links'] = array();
 menu_tree_collect_node_links($data['tree'], $data['node_links']);
 // Compute the real cid for book subtree data.
- $tree_cid = 'links:' . $item['menu_name'] . ':subtree-data:' . md5(serialize($data));
+ $tree_cid = 'links:' . $item['menu_name'] . ':subtree-data:' . hash('sha256', serialize($data));
 // Cache the data, if it is not already in the cache.
 if (!cache_get($tree_cid, 'cache_menu')) {
diff --git a/modules/color/color.module b/modules/color/color.module
index 0f27c99dc..f58f6fdcc 100644
--- a/modules/color/color.module
+++ b/modules/color/color.module
@@ -329,7 +329,7 @@ function color_scheme_form_submit($form, &$form_state) {
 }
 // Prepare target locations for generated files.
- $id = $theme . '-' . substr(md5(serialize($palette) . microtime()), 0, 8);
+ $id = $theme . '-' . substr(hash('sha256', serialize($palette) . microtime()), 0, 8);
 $paths['color'] = 'public://color';
 $paths['target'] = $paths['color'] . '/' . $id;
 foreach ($paths as $path) {
diff --git a/modules/field/tests/field.test b/modules/field/tests/field.test
index b24dc9ea7..378319a44 100644
--- a/modules/field/tests/field.test
+++ b/modules/field/tests/field.test
@@ -2715,7 +2715,7 @@ class FieldTranslationsTestCase extends FieldTestCase {
 $results = _field_invoke('test_op', $entity_type, $entity);
 foreach ($results as $langcode => $result) {
- $hash = md5(serialize(array($entity_type, $entity, $this->field_name, $langcode, $values[$langcode])));
+ $hash = hash('sha256', serialize(array($entity_type, $entity, $this->field_name, $langcode, $values[$langcode])));
 // Check whether the parameters passed to _field_invoke() were correctly
 // forwarded to the callback function.
 $this->assertEqual($hash, $result, t('The result for %language is correctly stored.', array('%language' => $langcode)));
@@ -2757,7 +2757,7 @@ class FieldTranslationsTestCase extends FieldTestCase {
 $grouped_results = _field_invoke_multiple('test_op_multiple', $entity_type, $entities);
 foreach ($grouped_results as $id => $results) {
 foreach ($results as $langcode => $result) {
- $hash = md5(serialize(array($entity_type, $entities[$id], $this->field_name, $langcode, $values[$id][$langcode])));
+ $hash = hash('sha256', serialize(array($entity_type, $entities[$id], $this->field_name, $langcode, $values[$id][$langcode])));
 // Check whether the parameters passed to _field_invoke() were correctly
 // forwarded to the callback function.
 $this->assertEqual($hash, $result, t('The result for entity %id/%language is correctly stored.', array('%id' => $id, '%language' => $langcode)));
diff --git a/modules/field/tests/field_test.module b/modules/field/tests/field_test.module
index 51cd0df70..9403cac76 100644
--- a/modules/field/tests/field_test.module
+++ b/modules/field/tests/field_test.module
@@ -69,7 +69,7 @@ function field_test_menu() {
 * This simulates a field operation callback to be invoked by _field_invoke().
 */
 function field_test_field_test_op($entity_type, $entity, $field, $instance, $langcode, &$items) {
- return array($langcode => md5(serialize(array($entity_type, $entity, $field['field_name'], $langcode, $items))));
+ return array($langcode => hash('sha256', serialize(array($entity_type, $entity, $field['field_name'], $langcode, $items))));
 }
 /**
@@ -81,7 +81,7 @@ function field_test_field_test_op($entity_type, $entity, $field, $instance, $lan
 function field_test_field_test_op_multiple($entity_type, $entities, $field, $instances, $langcode, &$items) {
 $result = array();
 foreach ($entities as $id => $entity) {
- $result[$id] = array($langcode => md5(serialize(array($entity_type, $entity, $field['field_name'], $langcode, $items[$id]))));
+ $result[$id] = array($langcode => hash('sha256', serialize(array($entity_type, $entity, $field['field_name'], $langcode, $items[$id]))));
 }
 return $result;
 }
diff --git a/modules/file/file.module b/modules/file/file.module
index 44ef83c06..9f635f9d3 100644
--- a/modules/file/file.module
+++ b/modules/file/file.module
@@ -410,7 +410,7 @@ function file_managed_file_process($element, &$form_state, $form) {
 // Add progress bar support to the upload if possible.
 if ($element['#progress_indicator'] == 'bar' && $implementation = file_progress_implementation()) {
- $upload_progress_key = md5(mt_rand());
+ $upload_progress_key = mt_rand();
 if ($implementation == 'uploadprogress') {
 $element['UPLOAD_IDENTIFIER'] = array(
diff --git a/modules/filter/filter.install b/modules/filter/filter.install
index 8c9bc4747..41108eaf0 100644
--- a/modules/filter/filter.install
+++ b/modules/filter/filter.install
@@ -98,7 +98,7 @@ function filter_schema() {
 );
 $schema['cache_filter'] = drupal_get_schema_unprocessed('system', 'cache');
- $schema['cache_filter']['description'] = 'Cache table for the Filter module to store already filtered pieces of text, identified by text format and md5 hash of the text.';
+ $schema['cache_filter']['description'] = 'Cache table for the Filter module to store already filtered pieces of text, identified by text format and hash of the text.';
 return $schema;
 }
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index 795315fd6..ad5ec9b19 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
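Review bot: In file_managed_file_process() the new `$upload_progress_key = mt_rand();` drops the hash but keeps `mt_rand()` as the only source, so the key is a predictable integer from a non-cryptographic generator, and its type changes from a 32-character hex string to a number. If the key is what separates one user's upload-progress data from another's, it should be drawn from the CSPRNG the commit already uses for the cron key, e.g. `$upload_progress_key = drupal_hash_base64(drupal_random_bytes(55));`. The code that consumes the key is outside this hunk, so confirm which characters and lengths the progress backends accept before switching format.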
@@ -681,7 +681,7 @@ function check_markup($text, $format_id = NULL, $langcode = '', $cache = FALSE)
 $cache = $cache && !empty($format->cache);
 $cache_id = '';
 if ($cache) {
- $cache_id = $format->format . ':' . $langcode . ':' . md5($text);
+ $cache_id = $format->format . ':' . $langcode . ':' . hash('sha256', $text);
 if ($cached = cache_get($cache_id, 'cache_filter')) {
 return $cached->data;
 }
diff --git a/modules/image/image.module b/modules/image/image.module
index 1793447ab..516031e24 100644
--- a/modules/image/image.module
+++ b/modules/image/image.module
@@ -632,19 +632,19 @@ function image_style_generate() {
 $path = implode('/', $args);
 $path = $scheme . '://' . $path;
- $path_md5 = md5($path);
+ $path_hash = drupal_hash_base64($path);
 $destination = image_style_path($style['name'], $path);
 // Check that it's a defined style and that access was granted by
 // image_style_url().
- if (!$style || !cache_get('access:' . $style_name . ':' . $path_md5, 'cache_image')) {
+ if (!$style || !cache_get('access:' . $style_name . ':' . $path_hash, 'cache_image')) {
 drupal_access_denied();
 drupal_exit();
 }
 // Don't start generating the image if the derivate already exists or if
 // generation is in progress in another thread.
- $lock_name = 'image_style_generate:' . $style_name . ':' . $path_md5;
+ $lock_name = 'image_style_generate:' . $style_name . ':' . $path_hash;
 if (!file_exists($destination)) {
 $lock_acquired = lock_acquire($lock_name);
 if (!$lock_acquired) {
@@ -783,7 +783,7 @@ function image_style_url($style_name, $path) {
 // Set a cache entry to grant access to this style/image path. This will be
 // checked by image_style_generate().
- cache_set('access:' . $style_name . ':' . md5($path), 1, 'cache_image', REQUEST_TIME + 600);
+ cache_set('access:' . $style_name . ':' . drupal_hash_base64($path), 1, 'cache_image', REQUEST_TIME + 600);
 $scheme = file_uri_scheme($path);
 $target = file_uri_target($path);
diff --git a/modules/image/image.test b/modules/image/image.test
index fded5671d..74d33e9db 100644
--- a/modules/image/image.test
+++ b/modules/image/image.test
@@ -190,7 +190,7 @@ class ImageStylesPathAndUrlUnitTest extends DrupalWebTestCase {
 // Fetch the URL that generates the file while another process appears to
 // be generating the same file (this is signaled using a lock).
- $lock_name = 'image_style_generate:' . $this->style_name . ':' . md5($original_uri);
+ $lock_name = 'image_style_generate:' . $this->style_name . ':' . drupal_hash_base64($original_uri);
 $this->assertTrue(lock_acquire($lock_name), t('Lock was acquired.'));
 $this->drupalGet($expected_generate_url);
 $this->assertResponse(503, t('Service Unavailable response received.'));
diff --git a/modules/locale/locale.install b/modules/locale/locale.install
index 13c2ee93f..1bc877c47 100644
--- a/modules/locale/locale.install
+++ b/modules/locale/locale.install
@@ -81,6 +81,13 @@ function locale_update_7001() {
 return array();
 }
+/**
+ * Allow longer javascript file names.
+ */
+function locale_update_7002() {
+ db_change_field('languages', 'javascript', 'javascript', array('type' => 'varchar', 'length' => 64, 'not null' => TRUE, 'default' => ''));
+}
+
 /**
 * @} End of "defgroup updates-6.x-to-7.x"
 */
@@ -207,7 +214,7 @@ function locale_schema() {
 ),
 'javascript' => array(
 'type' => 'varchar',
- 'length' => 32,
+ 'length' => 64,
 'not null' => TRUE,
 'default' => '',
 'description' => 'Location of JavaScript translation file.',
diff --git a/modules/menu/menu.test b/modules/menu/menu.test
index ef7edf43a..960bc897c 100644
--- a/modules/menu/menu.test
+++ b/modules/menu/menu.test
@@ -100,7 +100,7 @@ class MenuTestCase extends DrupalWebTestCase {
 */
 function addCustomMenuCRUD() {
 // Add a new custom menu.
- $menu_name = substr(md5($this->randomName(16)), 0, MENU_MAX_MENU_NAME_LENGTH_UI);
+ $menu_name = substr(hash('sha256', $this->randomName(16)), 0, MENU_MAX_MENU_NAME_LENGTH_UI);
 $title = $this->randomName(16);
 $menu = array(
@@ -130,7 +130,7 @@ class MenuTestCase extends DrupalWebTestCase {
 // Try adding a menu using a menu_name that is too long.
 $this->drupalGet('admin/structure/menu/add');
- $menu_name = substr(md5($this->randomName(16)), 0, MENU_MAX_MENU_NAME_LENGTH_UI + 1);
+ $menu_name = substr(hash('sha256', $this->randomName(16)), 0, MENU_MAX_MENU_NAME_LENGTH_UI + 1);
 $title = $this->randomName(16);
 $edit = array(
 'menu_name' => $menu_name,
@@ -143,7 +143,7 @@ class MenuTestCase extends DrupalWebTestCase {
 $this->assertText(format_plural(MENU_MAX_MENU_NAME_LENGTH_UI, "The menu name can't be longer than 1 character.", "The menu name can't be longer than @count characters."), t('Validation failed when menu name is too long.'));
 // Change the menu_name so it no longer exceeds the maximum length.
- $menu_name = substr(md5($this->randomName(16)), 0, MENU_MAX_MENU_NAME_LENGTH_UI);
+ $menu_name = substr(hash('sha256', $this->randomName(16)), 0, MENU_MAX_MENU_NAME_LENGTH_UI);
 $edit['menu_name'] = $menu_name;
 $this->drupalPost('admin/structure/menu/add', $edit, t('Save'));
diff --git a/modules/simpletest/drupal_web_test_case.php b/modules/simpletest/drupal_web_test_case.php
index 58aa5a814..fa44ae597 100644
--- a/modules/simpletest/drupal_web_test_case.php
+++ b/modules/simpletest/drupal_web_test_case.php
@@ -1075,7 +1075,7 @@ class DrupalWebTestCase extends DrupalTestCase {
 */
 protected function drupalGetToken($value = '') {
 $private_key = drupal_get_private_key();
- return md5($this->session_id . $value . $private_key);
+ return drupal_hmac_base64($value, $this->session_id . $private_key);
 }
 /*
diff --git a/modules/simpletest/tests/actions.test b/modules/simpletest/tests/actions.test
index eaf86e47b..e88021f64 100644
--- a/modules/simpletest/tests/actions.test
+++ b/modules/simpletest/tests/actions.test
@@ -21,7 +21,7 @@ class ActionsConfigurationTestCase extends DrupalWebTestCase {
 // Make a POST request to admin/config/system/actions/manage.
 $edit = array();
- $edit['action'] = md5('system_goto_action');
+ $edit['action'] = drupal_hash_base64('system_goto_action');
 $this->drupalPost('admin/config/system/actions/manage', $edit, t('Create'));
 // Make a POST request to the individual action configuration page.
@@ -29,7 +29,7 @@ class ActionsConfigurationTestCase extends DrupalWebTestCase {
 $action_label = $this->randomName();
 $edit['actions_label'] = $action_label;
 $edit['url'] = 'admin';
- $this->drupalPost('admin/config/system/actions/configure/' . md5('system_goto_action'), $edit, t('Save'));
+ $this->drupalPost('admin/config/system/actions/configure/' . drupal_hash_base64('system_goto_action'), $edit, t('Save'));
 // Make sure that the new complex action was saved properly.
 $this->assertText(t('The action has been successfully saved.'), t("Make sure we get a confirmation that we've successfully saved the complex action."));
@@ -87,7 +87,7 @@ class ActionLoopTestCase extends DrupalWebTestCase {
 $user = $this->drupalCreateUser(array('administer actions'));
 $this->drupalLogin($user);
- $hash = md5('actions_loop_test_log');
+ $hash = drupal_hash_base64('actions_loop_test_log');
 $edit = array('aid' => $hash);
 $this->drupalPost('admin/structure/trigger/actions_loop_test', $edit, t('Assign'));
diff --git a/modules/simpletest/tests/registry.test b/modules/simpletest/tests/registry.test
index 09464922c..81bcfd8ef 100644
--- a/modules/simpletest/tests/registry.test
+++ b/modules/simpletest/tests/registry.test
@@ -11,9 +11,10 @@ class RegistryParseFileTestCase extends DrupalWebTestCase {
 }
 function setUp() {
- $this->fileName = 'registry_test_' . md5(rand());
- $this->className = 'registry_test_class' . md5(rand());
- $this->interfaceName = 'registry_test_interface' . md5(rand());
+ $chrs = hash('sha256', microtime() . mt_rand());
+ $this->fileName = 'registry_test_' . substr($chrs, 0, 16);
+ $this->className = 'registry_test_class' . substr($chrs, 16, 16);
+ $this->interfaceName = 'registry_test_interface' . substr($chrs, 32, 16);
 parent::setUp();
 }
@@ -61,18 +62,19 @@ class RegistryParseFilesTestCase extends DrupalWebTestCase {
 // Create files with some php to parse - one 'new', one 'existing' so
 // we test all the important code paths in _registry_parse_files.
 foreach ($this->fileTypes as $fileType) {
+ $chrs = hash('sha256', microtime() . mt_rand());
 $this->$fileType = new stdClass();
- $this->$fileType->fileName = file_directory_path() . '/registry_test_' . md5(rand());
- $this->$fileType->className = 'registry_test_class' . md5(rand());
- $this->$fileType->interfaceName = 'registry_test_interface' . md5(rand());
+ $this->$fileType->fileName = file_directory_path() . '/registry_test_' . substr($chrs, 0, 16);
+ $this->$fileType->className = 'registry_test_class' . substr($chrs, 16, 16);
+ $this->$fileType->interfaceName = 'registry_test_interface' . substr($chrs, 32, 16);
 $this->$fileType->contents = $this->getFileContents($fileType);
 file_save_data($this->$fileType->contents, $this->$fileType->fileName);
 if ($fileType == 'existing_changed') {
 db_insert('registry_file')
 ->fields(array(
- 'filectime' => rand(1, 1000000),
- 'filemtime' => rand(1, 1000000),
+ 'filectime' => mt_rand(1, 1000000),
+ 'filemtime' => mt_rand(1, 1000000),
 'filename' => $this->$fileType->fileName,
 ))
 ->execute();
@@ -81,7 +83,7 @@ class RegistryParseFilesTestCase extends DrupalWebTestCase {
 foreach (array('class', 'interface') as $type) {
 db_insert('registry')
 ->fields(array(
- 'name' => $type . md5(rand()),
+ 'name' => $type . hash('sha256', microtime() . mt_rand()),
 'type' => $type,
 'filename' => $this->$fileType->fileName,
 ))
@@ -117,8 +119,8 @@ class RegistryParseFilesTestCase extends DrupalWebTestCase {
 foreach ($this->fileTypes as $fileType) {
 $files[$this->$fileType->fileName] = array('module' => '', 'weight' => 0);
 if ($fileType == 'existing_changed') {
- $files[$this->$fileType->fileName]['filectime'] = rand(1, 1000000);
- $files[$this->$fileType->fileName]['filemtime'] = rand(1, 1000000);
+ $files[$this->$fileType->fileName]['filectime'] = mt_rand(1, 1000000);
+ $files[$this->$fileType->fileName]['filemtime'] = mt_rand(1, 1000000);
 }
 }
 return $files;
diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc
index ec20138a1..9722664c6 100644
--- a/modules/system/system.admin.inc
+++ b/modules/system/system.admin.inc
@@ -2928,7 +2928,7 @@ function system_actions_manage_form_submit($form, &$form_state) {
 * on our elements.
 *
 * @param $action
- * md5 hash of an action ID or an integer. If it is an md5 hash, we are
+ * Hash of an action ID or an integer. If it is a hash, we are
 * creating a new instance. If it is an integer, we are editing an existing
 * instance.
 * @return
@@ -2953,7 +2953,7 @@ function system_actions_configure($form, &$form_state, $action = NULL) {
 $edit['actions_label'] = $data->label;
 $edit['actions_type'] = $data->type;
 $function = $data->callback;
- $action = md5($data->callback);
+ $action = drupal_hash_base64($data->callback);
 $params = unserialize($data->parameters);
 if ($params) {
 foreach ($params as $name => $val) {
diff --git a/modules/system/system.install b/modules/system/system.install
index 8e04d51ff..ec6c7c021 100644
--- a/modules/system/system.install
+++ b/modules/system/system.install
@@ -419,7 +419,7 @@ function system_install() {
 ->execute();
 // Populate the cron key variable.
- $cron_key = md5(mt_rand());
+ $cron_key = drupal_hash_base64(drupal_random_bytes(55));
 variable_set('cron_key', $cron_key);
 }
@@ -1557,7 +1557,7 @@ function system_update_7000() {
 * Generate a cron key and save it in the variables table.
 */
 function system_update_7001() {
- variable_set('cron_key', md5(mt_rand()));
+ variable_set('cron_key', drupal_hash_base64(drupal_random_bytes(55)));
 }
 /**
diff --git a/modules/trigger/trigger.admin.inc b/modules/trigger/trigger.admin.inc
index 6e0ef12b0..d0e12661c 100644
--- a/modules/trigger/trigger.admin.inc
+++ b/modules/trigger/trigger.admin.inc
@@ -155,10 +155,11 @@ function trigger_assign_form($form, $form_state, $module, $hook, $label) {
 foreach ($actions as $aid => $info) {
 // If action is defined unassign it, otherwise offer to delete all orphaned
 // actions.
- if (actions_function_lookup(md5($aid))) {
+ $hash = drupal_hash_base64($aid, TRUE);
+ if (actions_function_lookup($hash)) {
 $form[$hook]['assigned']['#value'][$aid] = array(
 'label' => $info['label'],
- 'link' => l(t('unassign'), "admin/structure/trigger/unassign/$module/$hook/" . md5($aid)),
+ 'link' => l(t('unassign'), "admin/structure/trigger/unassign/$module/$hook/$hash"),
 );
 }
 else {
diff --git a/modules/trigger/trigger.test b/modules/trigger/trigger.test
index 12fd7770a..fd4e2be42 100644
--- a/modules/trigger/trigger.test
+++ b/modules/trigger/trigger.test
@@ -19,7 +19,7 @@ class TriggerWebTestCase extends DrupalWebTestCase {
 */
 protected function configureAdvancedAction($action, $edit) {
 // Create an advanced action.
- $hash = md5($action);
+ $hash = drupal_hash_base64($action);
 $this->drupalPost("admin/config/system/actions/configure/$hash", $edit, t('Save'));
 $this->assertText(t('The action has been successfully saved.'));
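Review bot: Changing the body of `system_update_7001()` only affects sites that have not run it yet; a site that already did keeps a `cron_key` produced by `md5(mt_rand())`, which can take at most about 2^31 distinct values regardless of the 32 hex characters it displays. The same applies to keys written by the old `system_install()` line in the first hunk of this file. If those installs are in scope, a new numbered update that re-issues the key with `variable_set('cron_key', drupal_hash_base64(drupal_random_bytes(55)));` would close the gap, together with a release note that external cron URLs must be updated.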
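Review bot: In trigger_assign_form() the new `$hash = drupal_hash_base64($aid, TRUE);` passes a second argument that no other call to `drupal_hash_base64()` in this patch supplies. The helper's definition is not part of this page (the diff is limited to modules/), so either the argument is silently ignored or it changes the output, in which case the value would no longer match what `actions_function_lookup()` and the trigger tests compute with the one-argument form. Unless the extra flag is intended, make it `$hash = drupal_hash_base64($aid);`.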
@@ -58,7 +58,7 @@ class TriggerContentTestCase extends TriggerWebTestCase {
 $test_user = $this->drupalCreateUser(array('administer actions'));
 $web_user = $this->drupalCreateUser(array('create page content', 'access content', 'administer nodes'));
 foreach ($content_actions as $action) {
- $hash = md5($action);
+ $hash = drupal_hash_base64($action);
 $info = $this->actionInfo($action);
 // Assign an action to a trigger, then pull the trigger, and make sure
@@ -112,7 +112,7 @@ class TriggerContentTestCase extends TriggerWebTestCase {
 }
 $action_id = 'trigger_test_generic_any_action';
- $hash = md5($action_id);
+ $hash = drupal_hash_base64($action_id);
 $edit = array('aid' => $hash);
 $this->drupalPost('admin/structure/trigger/node', $edit, t('Assign'), array(), array(), 'trigger-node-update-assign-form');
@@ -200,7 +200,7 @@ class TriggerCronTestCase extends TriggerWebTestCase {
 $this->drupalLogin($test_user);
 // Assign a non-configurable action to the cron run trigger.
- $edit = array('aid' => md5('trigger_test_system_cron_action'));
+ $edit = array('aid' => drupal_hash_base64('trigger_test_system_cron_action'));
 $this->drupalPost('admin/structure/trigger/system', $edit, t('Assign'), array(), array(), 'trigger-cron-assign-form');
 // Assign a configurable action to the cron trigger.
@@ -212,7 +212,7 @@ class TriggerCronTestCase extends TriggerWebTestCase {
 $aid = $this->configureAdvancedAction('trigger_test_system_cron_conf_action', $edit);
 // $aid is likely 3 but if we add more uses for the sequences table in
 // core it might break, so it is easier to get the value from the database.
- $edit = array('aid' => md5($aid));
+ $edit = array('aid' => drupal_hash_base64($aid));
 $this->drupalPost('admin/structure/trigger/system', $edit, t('Assign'), array(), array(), 'trigger-cron-assign-form');
 // Add a second configurable action to the cron trigger.
@@ -222,7 +222,7 @@ class TriggerCronTestCase extends TriggerWebTestCase {
 'subject' => $action_label,
 );
 $aid = $this->configureAdvancedAction('trigger_test_system_cron_conf_action', $edit);
- $edit = array('aid' => md5($aid));
+ $edit = array('aid' => drupal_hash_base64($aid));
 $this->drupalPost('admin/structure/trigger/system', $edit, t('Assign'), array(), array(), 'trigger-cron-assign-form');
 // Force a cron run.
@@ -265,7 +265,7 @@ class TriggerOtherTestCase extends TriggerWebTestCase {
 $test_user = $this->drupalCreateUser(array('administer actions'));
 $this->drupalLogin($test_user);
 $action_id = 'trigger_test_generic_action';
- $hash = md5($action_id);
+ $hash = drupal_hash_base64($action_id);
 $edit = array('aid' => $hash);
 $this->drupalPost('admin/structure/trigger/user', $edit, t('Assign'), array(), array(), 'trigger-user-insert-assign-form');
@@ -300,7 +300,7 @@ class TriggerOtherTestCase extends TriggerWebTestCase {
 // Configure an advanced action that we can assign.
 $aid = $this->configureAdvancedAction('system_message_action', $action_edit);
- $edit = array('aid' => md5($aid));
+ $edit = array('aid' => drupal_hash_base64($aid));
 $this->drupalPost('admin/structure/trigger/user', $edit, t('Assign'), array(), array(), 'trigger-user-login-assign-form');
 // Verify that the action has been assigned to the correct hook.
@@ -322,7 +322,7 @@ class TriggerOtherTestCase extends TriggerWebTestCase {
 $test_user = $this->drupalCreateUser(array('administer actions'));
 $this->drupalLogin($test_user);
 $action_id = 'trigger_test_generic_action';
- $hash = md5($action_id);
+ $hash = drupal_hash_base64($action_id);
 $edit = array('aid' => $hash);
 $this->drupalPost('admin/structure/trigger/comment', $edit, t('Assign'), array(), array(), 'trigger-comment-insert-assign-form');
@@ -351,7 +351,7 @@ class TriggerOtherTestCase extends TriggerWebTestCase {
 $test_user = $this->drupalCreateUser(array('administer actions'));
 $this->drupalLogin($test_user);
 $action_id = 'trigger_test_generic_action';
- $hash = md5($action_id);
+ $hash = drupal_hash_base64($action_id);
 $edit = array('aid' => $hash);
 $this->drupalPost('admin/structure/trigger/taxonomy', $edit, t('Assign'), array(), array(), 'trigger-taxonomy-term-insert-assign-form');
@@ -403,7 +403,7 @@ class TriggerOrphanedActionsTestCase extends DrupalWebTestCase {
 */
 function testActionsOrphaned() {
 $action = 'trigger_test_generic_any_action';
- $hash = md5($action);
+ $hash = drupal_hash_base64($action);
 // Assign an action from a disable-able module to a trigger, then pull the
 // trigger, and make sure the actions fire.
diff --git a/modules/update/update.fetch.inc b/modules/update/update.fetch.inc
index 4f55f0a10..b21df684d 100644
--- a/modules/update/update.fetch.inc
+++ b/modules/update/update.fetch.inc
@@ -137,7 +137,7 @@ function _update_process_fetch_task($project) {
 $success = FALSE;
 $available = array();
- $site_key = md5($base_url . drupal_get_private_key());
+ $site_key = drupal_hmac_base64($base_url, drupal_get_private_key());
 $url = _update_build_fetch_url($project, $site_key);
 $fetch_url_base = _update_get_fetch_url_base($project);
 $project_name = $project['name'];
diff --git a/modules/user/user.module b/modules/user/user.module
index 3ceb4cf7a..0f3318cde 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -2092,8 +2092,7 @@ function user_cancel_url($account) {
 }
 function user_pass_rehash($password, $timestamp, $login) {
- // A single md5() is vulnerable to length-extension attacks, so use it twice.
- return md5(drupal_get_hash_salt() . md5($timestamp . $password . $login));
+ return drupal_hmac_base64($timestamp . $login, drupal_get_hash_salt() . $password);
 }
 /**
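Review bot: In user_pass_rehash() the message `$timestamp . $login` joins two digit strings with no separator, so distinct (timestamp, login) pairs that concatenate to the same string produce the same token. With two equal-length Unix timestamps this is hard to reach in practice, but an unambiguous encoding costs nothing: `return drupal_hmac_base64($timestamp . ':' . $login, drupal_get_hash_salt() . $password);`. The removed comment was also the function's only rationale, and no docblock is visible above it in the hunk. A short docblock should say that the result is an HMAC over the timestamp and last-login value, keyed by the site hash salt plus `$password`, so the token changes whenever either input changes.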
diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc
index 74d508644..2ec4df176 100644
--- a/modules/user/user.pages.inc
+++ b/modules/user/user.pages.inc
@@ -134,7 +134,7 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a
 user_login_finalize();
 drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.'));
 // Let the user's password be changed without the current password check.
- $token = md5(drupal_random_bytes(55));
+ $token = drupal_hash_base64(drupal_random_bytes(55));
 $_SESSION['pass_reset_' . $user->uid] = $token;
 drupal_goto('user/' . $user->uid . '/edit', array('query' => array('pass-reset-token' => $token)));
 }
diff --git a/modules/user/user.test b/modules/user/user.test
index 33d90ec1a..903fd16bf 100644
--- a/modules/user/user.test
+++ b/modules/user/user.test
@@ -1259,7 +1259,7 @@ class UserBlocksUnitTests extends DrupalWebTestCase {
 private function insertSession(array $fields = array()) {
 $fields += array(
 'uid' => 0,
- 'sid' => md5(uniqid(mt_rand(), TRUE)),
+ 'sid' => drupal_hash_base64(uniqid(mt_rand(), TRUE)),
 'timestamp' => REQUEST_TIME,
 );
 db_insert('sessions')
-- cgit v1.2.3