From df3a9105e843d8f41abb85b7a1416f538f2896e2 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Thu, 27 Oct 2016 10:04:30 +0200 Subject: [PATCH] Bug 17494: Make sure the same verification token won't be generated twice Well, this patch does not enforce the unique constraint but mimic what is already done in C4::ImportExportFramework and Koha::Upload where md5_hex is used. Test plan: Have a look at the code and confirm that it adds more randomness to the hashed string Signed-off-by: Kyle M Hall Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi Signed-off-by: Kyle M Hall --- opac/opac-memberentry.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl index 685d1caec0..6bdd66a32e 100755 --- a/opac/opac-memberentry.pl +++ b/opac/opac-memberentry.pl @@ -138,7 +138,7 @@ if ( $action eq 'create' ) { ); $template->param( 'email' => $borrower{'email'} ); - my $verification_token = md5_hex( \%borrower ); + my $verification_token = md5_hex( time().{}.rand().{}.$$ ); $borrower{password} = random_string(".........."); $borrower{verification_token} = $verification_token; -- 2.39.5