From 62d2550e16b1b99cf4946329c9b5b22a02f5ae09 Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Sat, 27 Oct 2012 02:33:22 -0700 Subject: [PATCH] Use SHA-1 instead of MD5. Signed-off-by: Edward Z. Yang --- NEWS | 1 + library/HTMLPurifier/Config.php | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index cfcfc97f..bfc03050 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier this also means it's no longer possible to override attribute transforms in later modules. No internal code was using this but this may break some clients. +# We now use SHA-1 to identify cached definitions, instead of MD5. ! Support display:inline-block ! Support for more white-space CSS values. ! Permit underscores in font families diff --git a/library/HTMLPurifier/Config.php b/library/HTMLPurifier/Config.php index 648115b9..b4f43bb5 100644 --- a/library/HTMLPurifier/Config.php +++ b/library/HTMLPurifier/Config.php @@ -189,7 +189,7 @@ class HTMLPurifier_Config } /** - * Returns a md5 signature of a segment of the configuration object + * Returns a SHA-1 signature of a segment of the configuration object * that uniquely identifies that particular configuration * @note Revision is handled specially and is removed from the batch * before processing! @@ -199,18 +199,18 @@ class HTMLPurifier_Config if (empty($this->serials[$namespace])) { $batch = $this->getBatch($namespace); unset($batch['DefinitionRev']); - $this->serials[$namespace] = md5(serialize($batch)); + $this->serials[$namespace] = sha1(serialize($batch)); } return $this->serials[$namespace]; } /** - * Returns a md5 signature for the entire configuration object + * Returns a SHA-1 signature for the entire configuration object * that uniquely identifies that particular configuration */ public function getSerial() { if (empty($this->serial)) { - $this->serial = md5(serialize($this->getAll())); + $this->serial = sha1(serialize($this->getAll())); } return $this->serial; } -- 2.11.4.GIT