Change to safer hash methods.

2025-10-12 15:35:15 +00:00 · 2020-04-11 06:42:21 +02:00
parent 91deb22a3f
commit 6829003f5e
8 changed files with 15 additions and 12 deletions
--- a/app/Http/Controllers/JavascriptController.php
+++ b/app/Http/Controllers/JavascriptController.php
@@ -126,7 +126,7 @@ class JavascriptController extends Controller
        /** @noinspection NullPointerExceptionInspection */
        $lang      = $pref->data;
        $dateRange = $this->getDateRangeConfig();
-        $uid       = substr(hash('sha256', auth()->user()->id . auth()->user()->email), 0, 12);
+        $uid       = substr(hash('sha256', sprintf('%s-%s-%s', (string) config('app.key'), auth()->user()->id, auth()->user()->email)), 0, 12);

        $data = [
            'currencyCode'    => $currency->code,
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -555,7 +555,7 @@ class ProfileController extends Controller
        /** @var string $match */
        $match = null;
        foreach ($set as $entry) {
-            $hashed = hash('sha256', $entry->data);
+            $hashed = hash('sha256', sprintf('%s%s', (string) config('app.key'), $entry->data));
            if ($hashed === $hash) {
                $match = $entry->data;
                break;