Since comment name is null for authenticated comments the md5 hash on line ~238 should include the username if the comment['name'] is null.

This affects 6.x and 5.x-2.x.

Comments

greggles’s picture

Title:md5 hash should use either the name from the comment OR the username (whichever is populated)» md5 hash could use drupal_get_token
greggles’s picture

Assigned:Unassigned» greggles
Status:Active» Needs review
StatusFileSize
new2.52 KB
new2.59 KB

And...patches.

greggles’s picture

Title:md5 hash could use drupal_get_token» notify_hash could just use drupal_get_token
Status:Needs review» Fixed

Applied to both 5.x-2.x and 6.x

Porting was a bit of a pain. I'm starting to think that I should drop support for 5.x (or at least stop backporting...)

Anonymous’s picture

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.