[Fusionforge-commits] FusionForge branch Branch_5_1 updated. 7482f59773e9d549fb61a46646fcf37626904ae6

Thorsten Glaser mirabilos at fusionforge.org
Mon Mar 25 15:31:33 CET 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, Branch_5_1 has been updated
       via  7482f59773e9d549fb61a46646fcf37626904ae6 (commit)
      from  174fdc2daae367cd7eddbe1ba699bcb0d2428d66 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7482f59773e9d549fb61a46646fcf37626904ae6
Author: Thorsten Glaser <tg at mirbsd.org>
Date:   Mon Mar 25 15:30:54 2013 +0100

    oops, use raw octet HMAC output (for size reasons)
    
    this does work as tested on CentOS 5 (php-cli-5.1.6-39.el5_8)…

diff --git a/src/common/include/session.php b/src/common/include/session.php
index e07e4f8..11bf7fe 100644
--- a/src/common/include/session.php
+++ b/src/common/include/session.php
@@ -58,7 +58,7 @@ function session_build_session_cookie($user_id) {
 		$session_cookie .= '<' . util_html_encode($s);
 	}
 	$session_cookie_hmac = hash_hmac("sha256", $session_cookie,
-	    forge_get_config('session_key'));
+	    forge_get_config('session_key'), true);
 	$session_serial_cookie = base64_encode($session_cookie) . '!' .
 	    base64_encode($session_cookie_hmac);
 	return $session_serial_cookie;
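Review bot: The bare `true` added as the fourth argument of hash_hmac() in session_build_session_cookie() silently changes the serialized cookie format, and neither the code nor the commit message says so. The part after the '!' is now the base64 of 32 raw octets instead of the base64 of a 64-character hex string, so any cookie issued by the previous code will fail the updated check in session_check_session_cookie(). Please add a short comment at the call stating that `true` selects raw binary output and that the verifier must use the same setting, and note in the commit message that existing sessions are invalidated if the hex form was ever deployed.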
@@ -103,7 +103,7 @@ function session_check_session_cookie($session_cookie) {
 	$session_cookie = base64_decode($session_cookie);
 	$session_cookie_hmac = base64_decode($session_cookie_hmac);
 	if (hash_hmac("sha256", $session_cookie,
-	    forge_get_config('session_key')) !== $session_cookie_hmac) {
+	    forge_get_config('session_key'), true) !== $session_cookie_hmac) {
 		/* HMAC mismatch */
 		return false;
 	}
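Review bot: The `!==` between the freshly computed HMAC and $session_cookie_hmac in session_check_session_cookie() is an ordinary string comparison, not a constant-time one, so its duration can depend on how many leading bytes of the client-supplied value match. Since this line is being touched anyway, consider routing the comparison through a helper that first checks both strings have the same length and then XORs every byte pair into an accumulator before testing it for zero. hash_equals() would do this, but it only exists from PHP 5.6 onward, which is newer than the php-cli 5.1.6 named in the commit message. With raw output it is also cheap to reject early when the decoded $session_cookie_hmac is not exactly 32 octets.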

-----------------------------------------------------------------------

Summary of changes:
 src/common/include/session.php |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
FusionForge


