Actions
Patch #40652
closedReplace MD5 with SHA256 when creating the hash for gravatar URL
Status:
Closed
Priority:
Normal
Assignee:
Category:
Code cleanup/refactoring
Target version:
Start date:
Due date:
% Done:
0%
Estimated time:
Description
https://docs.gravatar.com/avatars/hash/
This is extracted from #35217.
diff --git a/lib/plugins/gravatar/lib/gravatar.rb b/lib/plugins/gravatar/lib/gravatar.rb
index ea4a37cb5..4dc27db52 100644
--- a/lib/plugins/gravatar/lib/gravatar.rb
+++ b/lib/plugins/gravatar/lib/gravatar.rb
@@ -1,6 +1,5 @@
# frozen_string_literal: true
-require 'digest/md5'
require 'cgi'
module GravatarHelper
@@ -65,7 +64,7 @@ module GravatarHelper
# Return the gravatar URL for the given email address.
def gravatar_url(email, options={})
- email_hash = Digest::MD5.hexdigest(email)
+ email_hash = Digest::SHA256.hexdigest(email)
options = DEFAULT_OPTIONS.merge(options)
options[:default] = CGI::escape(options[:default]) unless options[:default].nil?
gravatar_api_url(email_hash).tap do |url|
Files
Related issues
Actions