[pve-devel] [PATCH accesscontrol 2/2] use hmac_sha1 instead of sha1 for csrf token
Oguz Bektas
o.bektas at proxmox.com
Mon Jun 17 11:53:54 CEST 2019
Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
---
PVE/AccessControl.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 5de060d..59a586e 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -212,7 +212,7 @@ my $csrf_prevention_secret;
my $get_csrfr_secret = sub {
if (!$csrf_prevention_secret) {
my $input = PVE::Tools::file_get_contents($pve_www_key_fn);
- $csrf_prevention_secret = Digest::SHA::sha1_base64($input);
+ $csrf_prevention_secret = Digest::SHA::hmac_sha1_base64($input);
}
return $csrf_prevention_secret;
};
--
2.11.0
More information about the pve-devel
mailing list