Since comment name is null for authenticated comments the md5 hash on line ~238 should include the username if the comment['name'] is null.

This affects 6.x and 5.x-2.x.

CommentFileSizeAuthor
#2 294095_notify_token_plus_some_kittens.patch2.59 KBgreggles
#2 294095_notify_token_plus_some_kittens_5.patch2.52 KBgreggles

Comments

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented
Title: md5 hash should use either the name from the comment OR the username (whichever is populated) » md5 hash could use drupal_get_token

Or just http://api.drupal.org/api/function/drupal_get_token

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented
Assigned: Unassigned » greggles
Status: Active » Needs review
StatusFileSize
new 294095_notify_token_plus_some_kittens_5.patch2.52 KB
new 294095_notify_token_plus_some_kittens.patch2.59 KB

And...patches.

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented
Title: md5 hash could use drupal_get_token » notify_hash could just use drupal_get_token
Status: Needs review » Fixed

Applied to both 5.x-2.x and 6.x

Porting was a bit of a pain. I'm starting to think that I should drop support for 5.x (or at least stop backporting...)

Anonymous’s picture

Anonymous (not verified) commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.