From: Marius Balteanu Date: Thu, 2 May 2024 20:23:05 +0000 (+0000) Subject: Switches from MD5 to SHA256 when computing the hash for gravatar URL (#40652). X-Git-Tag: 6.0.0~361 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=3433731585b6126208cd855b46115d18d249fb1f;p=redmine.git Switches from MD5 to SHA256 when computing the hash for gravatar URL (#40652). git-svn-id: https://svn.redmine.org/redmine/trunk@22802 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
diff --git a/lib/plugins/gravatar/lib/gravatar.rb b/lib/plugins/gravatar/lib/gravatar.rb
index ea4a37cb5..4dc27db52 100644
--- a/lib/plugins/gravatar/lib/gravatar.rb
+++ b/lib/plugins/gravatar/lib/gravatar.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
-require 'digest/md5'
 require 'cgi'
 module GravatarHelper
@@ -65,7 +64,7 @@ module GravatarHelper
 # Return the gravatar URL for the given email address.
 def gravatar_url(email, options={})
- email_hash = Digest::MD5.hexdigest(email)
+ email_hash = Digest::SHA256.hexdigest(email)
 options = DEFAULT_OPTIONS.merge(options)
 options[:default] = CGI::escape(options[:default]) unless options[:default].nil?
 gravatar_api_url(email_hash).tap do |url|
diff --git a/test/helpers/avatars_helper_test.rb b/test/helpers/avatars_helper_test.rb
index 03a4b1ea1..06c4d5993 100644
--- a/test/helpers/avatars_helper_test.rb
+++ b/test/helpers/avatars_helper_test.rb
@@ -31,11 +31,11 @@ class AvatarsHelperTest < Redmine::HelperTest
 end
 def test_avatar_with_user
- assert_include Digest::MD5.hexdigest('jsmith@somenet.foo'), avatar(User.find_by_mail('jsmith@somenet.foo'))
+ assert_include Digest::SHA256.hexdigest('jsmith@somenet.foo'), avatar(User.find_by_mail('jsmith@somenet.foo'))
 end
 def test_avatar_with_email_string
- assert_include Digest::MD5.hexdigest('jsmith@somenet.foo'), avatar('jsmith ')
+ assert_include Digest::SHA256.hexdigest('jsmith@somenet.foo'), avatar('jsmith ')
 end
 def test_avatar_with_anonymous_user
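Review bot: With `require 'digest/md5'` removed in the first hunk of gravatar.rb, the file no longer requires any digest library, yet `gravatar_url` now calls `Digest::SHA256`. This presumably works inside the application because something else has already loaded `digest`, but the plugin file should declare its own dependency rather than rely on load order. I would replace the removed line with `require 'digest/sha2'` so the file still loads on its own.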
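Review bot: `Digest::SHA256.hexdigest(email)` in the second hunk of gravatar.rb hashes the address exactly as it is passed in, and nothing visible in the hunk trims or lowercases it; Gravatar computes its hashes over the trimmed, lowercased address, so a caller passing `Jsmith@Somenet.foo` would get a URL that does not match the account. If the caller does not already normalise the value (not visible here, and the body of `gravatar_url` continues past the hunk), I would hash `email.to_s.strip.downcase` instead. It is also worth a comment above the method: `# The SHA-256 digest is unsalted, so the URL still exposes a stable identifier that can be checked against candidate addresses; it does not hide the email.`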