mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-31 03:10:09 +02:00
Code Issues Releases Wiki Activity

Properly use HMAC for secure munging.

Browse Source 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
This commit is contained in:
Edward Z. Yang
2013-09-13 21:16:50 -07:00
parent fac747bdbd
commit cf44f399f8
6 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt
View File

@@ -11,7 +11,7 @@ DEFAULT: NULL
to check if a URI has passed through HTML Purifier with this line:
</p>
<pre>$checksum === sha1($secret_key . ':' . $url)</pre>
<pre>$checksum === hash_hmac("sha256", $url, $secret_key)</pre>
<p>
If the output is TRUE, the redirector script should accept the URI.