Commit 74239269 authored by pwolanin's avatar pwolanin Committed by greggles

Issue #790586 by pwolanin: add more secret info to the hash in the install function

parent 2959a471
......@@ -15,11 +15,13 @@ function comment_notify_install() {
$comments_select->join('users', 'u', 'c.uid = u.uid');
$comments_select->addField('c', 'cid');
$comments_select->addExpression('0', 'notify');
// Mix in a random string to all values.
$salt = uniqid(mt_rand, TRUE);
if (db_driver() == 'pgsql') {
$comments_select->addExpression('md5(c.mail || coalesce(u.mail, u.init) || c.uid || c.name || c.nid)', 'notify_hash');
$comments_select->addExpression("md5('" . $salt . "' || c.mail || coalesce(u.mail, u.init) || c.uid || c.name || c.nid || c.hostname)", 'notify_hash');
}
else {
$comments_select->addExpression('md5(concat(c.mail, ifnull(u.mail, u.init), c.uid, c.name, c.nid))', 'notify_hash');
$comments_select->addExpression("md5(concat('" . $salt . "', c.mail, ifnull(u.mail, u.init), c.uid, c.name, c.nid, c.hostname))", 'notify_hash');
}
// Set module weight low so that other modules act on the comment first.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment