From f53fede65d6f15fa916b9c3ac370a73a95cf4791 Mon Sep 17 00:00:00 2001
From: Reed Loden <reed@reedloden.com>
Date: Mon, 30 Jul 2012 13:45:32 -0700
Subject: Bug 767623 - Use HMAC to generate tokens and sensitive graph
 filenames [r=LpSolit a=LpSolit]

---
 Bugzilla/Token.pm | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

(limited to 'Bugzilla/Token.pm')

diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index feb707e70..264a28db1 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -24,7 +24,7 @@ use Bugzilla::User;
 use Date::Format;
 use Date::Parse;
 use File::Basename;
-use Digest::MD5 qw(md5_hex);
+use Digest::SHA qw(hmac_sha256_base64);
 
 use base qw(Exporter);
 
@@ -167,15 +167,13 @@ sub issue_hash_token {
     my $user_id = Bugzilla->user->id || remote_ip();
 
     # The concatenated string is of the form
-    # token creation time + site-wide secret + user ID (either ID or remote IP) + data
-    my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, $user_id, @$data);
+    # token creation time + user ID (either ID or remote IP) + data
+    my @args = ($time, $user_id, @$data);
 
     my $token = join('*', @args);
-    # Wide characters cause md5_hex() to die.
-    if (Bugzilla->params->{'utf8'}) {
-        utf8::encode($token) if utf8::is_utf8($token);
-    }
-    $token = md5_hex($token);
+    $token = hmac_sha256_base64($token, Bugzilla->localconfig->{'site_wide_secret'});
+    $token =~ s/\+/-/g;
+    $token =~ s/\//_/g;
 
     # Prepend the token creation time, unencrypted, so that the token
     # lifetime can be validated.
-- 
cgit v1.2.3-24-g4f1b