Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Per Drupal secure coding standards at http://drupal.org/node/845876
md5 and sha1 should not be used any place in Drupal core since 7.0, but are re-introduced in the Filter module for 8.x (and also 7.x)
core/modules/filter/filter.module
1715: $hash = md5($content);
core/modules/filter/lib/Drupal/filter/Tests/FilterHtmlImageSecureTest.php
117: $comment[] = '<img src="' . $image . '" testattribute="' . md5($image) . '" />';
125: foreach ($this->xpath('//img[@testattribute="' . md5($image) . '"]') as $element) {
Comment | File | Size | Author |
---|---|---|---|
#6 | 1884830-6.patch | 506 bytes | dcam |
#1 | 1884830-1.patch | 1.84 KB | pwolanin |
Comments
Comment #1
pwolanin CreditAttribution: pwolanin commentedComment #2
pwolanin CreditAttribution: pwolanin commentedComment #3
Elijah LynnTested locally on my LAMP stack, passed all tests.
Comment #4
webchickCommitted and pushed to 8.x. Thanks!
Comment #5
pwolanin CreditAttribution: pwolanin commentedI think this needs a backport to 7 too.
Comment #6
dcam CreditAttribution: dcam commentedBackported #1 to D7. It looks to me like the test changes are not backportable.
Comment #11
pwolanin CreditAttribution: pwolanin as a volunteer and at SciShield commentedComment #12
stefan.r CreditAttribution: stefan.r commentedLooks good! No need to do a change record for this in case anyone was relying on a specific hash?
Comment #14
stefan.r CreditAttribution: stefan.r commentedCommitted and pushed to 7.x, thanks!
Comment #16
gregglesUpdating the title to the slightly more specific description of what the change was.