From 3410a8a9cfdb07112130044500e199c8047f7584 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marius=20B=C4=82LTEANU?=
Date: Thu, 2 May 2024 18:05:47 +0300
Subject: [PATCH] Replaces md5 with SHA256 when creating the hash for gravatar URL (#40652).
diff --git a/lib/plugins/gravatar/lib/gravatar.rb b/lib/plugins/gravatar/lib/gravatar.rb
index ea4a37cb5..4dc27db52 100644
--- a/lib/plugins/gravatar/lib/gravatar.rb
+++ b/lib/plugins/gravatar/lib/gravatar.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
-require 'digest/md5'
 require 'cgi'
 module GravatarHelper
@@ -65,7 +64,7 @@ module GravatarHelper
 # Return the gravatar URL for the given email address.
 def gravatar_url(email, options={})
- email_hash = Digest::MD5.hexdigest(email)
+ email_hash = Digest::SHA256.hexdigest(email)
 options = DEFAULT_OPTIONS.merge(options)
 options[:default] = CGI::escape(options[:default]) unless options[:default].nil?
 gravatar_api_url(email_hash).tap do |url|
diff --git a/test/helpers/avatars_helper_test.rb b/test/helpers/avatars_helper_test.rb
index 03a4b1ea1..06c4d5993 100644
--- a/test/helpers/avatars_helper_test.rb
+++ b/test/helpers/avatars_helper_test.rb
@@ -31,11 +31,11 @@ class AvatarsHelperTest < Redmine::HelperTest
 end
 def test_avatar_with_user
- assert_include Digest::MD5.hexdigest('jsmith@somenet.foo'), avatar(User.find_by_mail('jsmith@somenet.foo'))
+ assert_include Digest::SHA256.hexdigest('jsmith@somenet.foo'), avatar(User.find_by_mail('jsmith@somenet.foo'))
 end
 def test_avatar_with_email_string
- assert_include Digest::MD5.hexdigest('jsmith@somenet.foo'), avatar('jsmith ')
+ assert_include Digest::SHA256.hexdigest('jsmith@somenet.foo'), avatar('jsmith ')
 end
 def test_avatar_with_anonymous_user
-- 
2.39.3 (Apple Git-146)
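Review bot: In the first hunk of lib/plugins/gravatar/lib/gravatar.rb, `require 'digest/md5'` is removed without a replacement, so nothing in this file loads the Digest library any more. `Digest::SHA256` in `gravatar_url` then resolves only if some other code has already required `digest`; inside the Rails application that is presumably the case, but the plugin file is no longer self-contained. Keeping an explicit `require 'digest'` (or `require 'digest/sha2'`) next to `require 'cgi'` removes that load-order dependency.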
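Review bot: In the second hunk, `gravatar_url` hashes `email` exactly as it is passed, while Gravatar looks up the digest of the trimmed, lower-cased address. Unless every caller normalizes first (not visible in this hunk), a mixed-case or padded address silently falls back to the default avatar; `email_hash = Digest::SHA256.hexdigest(email.strip.downcase)` would make the method safe on its own. The line also deserves a comment that the switch to SHA-256 does not make the address confidential, since the digest is unsalted and is sent to a third party in a URL: `# Unsalted digest of the address: a stable identifier visible to Gravatar and to page viewers, not a way to hide the email.` The body of gravatar_url continues past the end of the hunk.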