meineerde/redmine
1
0
Fork 0
mirror of https://github.com/meineerde/redmine.git synced 2026-02-01 03:57:15 +00:00
Code Issues Releases Wiki Activity

Switches from MD5 to SHA256 when computing the hash for gravatar URL (#40652).

Browse Source 
git-svn-id: https://svn.redmine.org/redmine/trunk@22802 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Marius Balteanu 2024-05-02 20:23:05 +00:00
parent 6f82abf463
commit 3433731585
2 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/plugins/gravatar/lib/gravatar.rb
View File

@ -1,6 +1,5 @@
# frozen_string_literal: true
require 'digest/md5'
require 'cgi'
module GravatarHelper
@ -65,7 +64,7 @@ module GravatarHelper
# Return the gravatar URL for the given email address.
def gravatar_url(email, options={})
email_hash = Digest::MD5.hexdigest(email)
email_hash = Digest::SHA256.hexdigest(email)
options = DEFAULT_OPTIONS.merge(options)
options[:default] = CGI::escape(options[:default]) unless options[:default].nil?
gravatar_api_url(email_hash).tap do |url|

4
test/helpers/avatars_helper_test.rb
View File

@ -31,11 +31,11 @@ class AvatarsHelperTest < Redmine::HelperTest
end
def test_avatar_with_user
assert_include Digest::MD5.hexdigest('jsmith@somenet.foo'), avatar(User.find_by_mail('jsmith@somenet.foo'))
assert_include Digest::SHA256.hexdigest('jsmith@somenet.foo'), avatar(User.find_by_mail('jsmith@somenet.foo'))
end
def test_avatar_with_email_string
assert_include Digest::MD5.hexdigest('jsmith@somenet.foo'), avatar('jsmith <jsmith@somenet.foo>')
assert_include Digest::SHA256.hexdigest('jsmith@somenet.foo'), avatar('jsmith <jsmith@somenet.foo>')
end
def test_avatar_with_anonymous_user