Commit 9377a267 authored by Sudhir Krishna S's avatar Sudhir Krishna S

Access bypass vulnerability

parent 330fc68b
......@@ -76,8 +76,9 @@ function aws_amazon_menu() {
'type' => MENU_CALLBACK,
);
global $base_url;
//generate a unique URL per site that cannot be faked.
$token = hash('sha1', $base_url . variable_get('aws_amazon_access_key', ''));
$token = hash('sha1', $base_url . drupal_get_hash_salt() . variable_get('aws_amazon_access_key', drupal_get_hash_salt()));
$items['aws-amazon-cron/' . $token] = array(
'type' => MENU_CALLBACK,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment