[Fusionforge-commits] FusionForge branch Branch_5_1 updated. 7482f59773e9d549fb61a46646fcf37626904ae6
Thorsten Glaser
mirabilos at fusionforge.org
Mon Mar 25 15:31:33 CET 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, Branch_5_1 has been updated
via 7482f59773e9d549fb61a46646fcf37626904ae6 (commit)
from 174fdc2daae367cd7eddbe1ba699bcb0d2428d66 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7482f59773e9d549fb61a46646fcf37626904ae6
Author: Thorsten Glaser <tg at mirbsd.org>
Date: Mon Mar 25 15:30:54 2013 +0100
oops, use raw octet HMAC output (for size reasons)
this does work as tested on CentOS 5 (php-cli-5.1.6-39.el5_8)…
diff --git a/src/common/include/session.php b/src/common/include/session.php
index e07e4f8..11bf7fe 100644
--- a/src/common/include/session.php
+++ b/src/common/include/session.php
@@ -58,7 +58,7 @@ function session_build_session_cookie($user_id) {
$session_cookie .= '<' . util_html_encode($s);
}
$session_cookie_hmac = hash_hmac("sha256", $session_cookie,
- forge_get_config('session_key'));
+ forge_get_config('session_key'), true);
$session_serial_cookie = base64_encode($session_cookie) . '!' .
base64_encode($session_cookie_hmac);
return $session_serial_cookie;
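Review bot: The bare `true` added to the hash_hmac() call in session_build_session_cookie() changes the serialized cookie format without any version marker or comment. A cookie issued before this commit carries a hex digest in the second base64 field, so after deployment session_check_session_cookie() will reject it as an HMAC mismatch. If dropping existing sessions is intended, state that in the commit message. Otherwise put a format tag in the cookie so the checker can tell the two encodings apart. Either way, a one-line comment that the fourth argument selects raw binary output would make the `true` self-explanatory.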
@@ -103,7 +103,7 @@ function session_check_session_cookie($session_cookie) {
$session_cookie = base64_decode($session_cookie);
$session_cookie_hmac = base64_decode($session_cookie_hmac);
if (hash_hmac("sha256", $session_cookie,
- forge_get_config('session_key')) !== $session_cookie_hmac) {
+ forge_get_config('session_key'), true) !== $session_cookie_hmac) {
/* HMAC mismatch */
return false;
}
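Review bot: The MAC check in session_check_session_cookie() still compares with `!==`, which returns at the first differing byte, so the verification time depends on how much of the submitted MAC is correct. With the commit message naming PHP 5.1.6 as a target, hash_equals() (PHP 5.6 and later) is not available, so I would add a small helper that first compares strlen() of both values and then accumulates the XOR of every byte pair with OR, returning a match only if the accumulator is zero. Using that helper in place of `!== $session_cookie_hmac` keeps the check's behaviour and removes the early exit.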
-----------------------------------------------------------------------
Summary of changes:
src/common/include/session.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
hooks/post-receive
--
FusionForge