Switches from MD5 to SHA256 when computing the hash for gravatar URL (#40652).

git-svn-id: https://svn.redmine.org/redmine/trunk@22802 e93f8b46-1217-0410-a6f0-8f06a7374b81

lib/plugins/gravatar/lib/gravatar.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'digest/md5'
 require 'cgi'
 
 module GravatarHelper
@@ -65,7 +64,7 @@ module GravatarHelper
 
     # Return the gravatar URL for the given email address.
     def gravatar_url(email, options={})
-      email_hash = Digest::MD5.hexdigest(email)
+      email_hash = Digest::SHA256.hexdigest(email)
       options = DEFAULT_OPTIONS.merge(options)
       options[:default] = CGI::escape(options[:default]) unless options[:default].nil?
       gravatar_api_url(email_hash).tap do |url|

test/helpers/avatars_helper_test.rb

@@ -31,11 +31,11 @@ class AvatarsHelperTest < Redmine::HelperTest
   end
 
   def test_avatar_with_user
-    assert_include Digest::MD5.hexdigest('jsmith@somenet.foo'), avatar(User.find_by_mail('jsmith@somenet.foo'))
+    assert_include Digest::SHA256.hexdigest('jsmith@somenet.foo'), avatar(User.find_by_mail('jsmith@somenet.foo'))
   end
 
   def test_avatar_with_email_string
-    assert_include Digest::MD5.hexdigest('jsmith@somenet.foo'), avatar('jsmith <jsmith@somenet.foo>')
+    assert_include Digest::SHA256.hexdigest('jsmith@somenet.foo'), avatar('jsmith <jsmith@somenet.foo>')
   end
 
   def test_avatar_with_anonymous_user