security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (pborreli)
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Add a separator in the remember me cookie hash
Based on #89
Commits
-------
a29ce2817c
[Security] Add a separator in the remember me cookie hash
commit
0a4ed67b0d
@ -120,6 +120,6 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
|
|||||||
*/
|
*/
|
||||||
protected function generateCookieHash($class, $username, $expires, $password)
|
protected function generateCookieHash($class, $username, $expires, $password)
|
||||||
{
|
{
|
||||||
return hash_hmac('sha256', $class.$username.$expires.$password, $this->getSecret());
|
return hash_hmac('sha256', $class.self::COOKIE_DELIMITER.$username.self::COOKIE_DELIMITER.$expires.self::COOKIE_DELIMITER.$password, $this->getSecret());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
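Review bot: The separator added to the HMAC input in `generateCookieHash()` only makes the field boundaries unambiguous if no field can itself contain `self::COOKIE_DELIMITER`, and `$username` is concatenated raw. The constant's value and any validation of `$username` or `$expires` are outside this hunk, so this may already be enforced elsewhere. If it is not, two different (username, expires, password) tuples could still produce the same MAC input. Encoding the free-form field before hashing would close that, for example `return hash_hmac('sha256', implode(self::COOKIE_DELIMITER, [$class, base64_encode($username), $expires, $password]), $this->getSecret());`, assuming the delimiter is not a base64 character. A one-line comment such as `// Fields are delimited so that adjacent values cannot be shifted across boundaries without changing the MAC` would also record why the delimiter is there.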