the md5() and sha1() hash functions should never be used in any code

Created on 18 September 2018, over 6 years ago
Updated 29 January 2024, 11 months ago

Problem/Motivation

Use of a Broken or Risky Cryptographic Algorithm in modules/contrib/entity_browser/src/plugin/field/fieldwidget/entityreferencebrowserwidget.php (line 522)

'#name' => $this->fieldDefinition->getName() . '_remove_' . $entity->id() . '_' . $row_id . '_' . md5(json_encode($field_parents)),

See https://www.drupal.org/node/845876

the md5() and sha1() hash functions should never be used in any code

this can be a problem if, for example, Government entities require such audits - which would then require additional documentation to verify that they are indeed, not a security issue.

Proposed resolution

use \Drupal\Component\Utility\Crypt::hashBase64($data)

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

🐛 Bug report
Status

Needs review

Version

2.0

Component

Display plugins

Created by

🇮🇳India FlutterStack

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024