[FOLLOWUP][TASK] Remove unnecessary usage of the encryption key 14/41914/2
authorGeorg Ringer <georg.ringer@gmail.com>
Fri, 24 Jul 2015 04:55:50 +0000 (06:55 +0200)
committerBenjamin Mack <benni@typo3.org>
Fri, 24 Jul 2015 10:13:40 +0000 (12:13 +0200)
md5() on the TYPO3 version can be used to guess the exact TYPO3 version.
Therefore change to hmac.

Change-Id: I9636ec1b16924e4b69926687c857fb76847cbec3
Releases: master
Resolves: #68365
Related: #68133
Reviewed-on: http://review.typo3.org/41914
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
typo3/sysext/core/Classes/Page/PageRenderer.php

index dec132e..bbfd71f 100644 (file)
@@ -1481,7 +1481,7 @@ class PageRenderer implements \TYPO3\CMS\Core\SingletonInterface {
                        if (GeneralUtility::getApplicationContext()->isDevelopment()) {
                                $this->requireJsConfig['urlArgs'] = 'bust=' . $GLOBALS['EXEC_TIME'];
                        } else {
-                               $this->requireJsConfig['urlArgs'] = 'bust=' . GeneralUtility::shortMD5(TYPO3_version);
+                               $this->requireJsConfig['urlArgs'] = 'bust=' . GeneralUtility::hmac(TYPO3_version . PATH_site);
                        }
                        // first, load all paths for the namespaces, and configure contrib libs.
                        $this->requireJsConfig['paths'] = array(