Since comment name is null for authenticated comments the md5 hash on line ~238 should include the username if the comment['name'] is null.

This affects 6.x and 5.x-2.x.

Comments

greggles’s picture

Title: md5 hash should use either the name from the comment OR the username (whichever is populated) » md5 hash could use drupal_get_token
greggles’s picture

Assigned: Unassigned » greggles
Status: Active » Needs review
FileSize
2.52 KB
2.59 KB

And...patches.

greggles’s picture

Title: md5 hash could use drupal_get_token » notify_hash could just use drupal_get_token
Status: Needs review » Fixed

Applied to both 5.x-2.x and 6.x

Porting was a bit of a pain. I'm starting to think that I should drop support for 5.x (or at least stop backporting...)

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.