diff options
| author | Florian Apolloner <florian@apolloner.eu> | 2020-02-04 08:59:41 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-02-04 09:06:55 +0100 |
| commit | 75daea2fc24da1c987d4fd979adb31a2c5a29d22 (patch) | |
| tree | a9cf1b272226ddca2d29a75f22fa48e34f9a3f9f | |
| parent | 8ae84156d62bfc24d71e65cfe4d5cb84b9b1bd91 (diff) | |
Refs #27604 -- Fixed loading of legacy cookie hashes when CookieStorage.key_salt is changed.
This partially reverts bcc9fa25285f506666fa5074fc43c7114d61bb79 to
not break legacy hashes when key_salt is actually changed.
| -rw-r--r-- | django/contrib/messages/storage/cookie.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/django/contrib/messages/storage/cookie.py b/django/contrib/messages/storage/cookie.py index 5f0366fb19..78256ca3b2 100644 --- a/django/contrib/messages/storage/cookie.py +++ b/django/contrib/messages/storage/cookie.py @@ -129,7 +129,11 @@ class CookieStorage(BaseStorage): Create an HMAC/SHA1 hash based on the value and the project setting's SECRET_KEY, modified to make it unique for the present purpose. """ - return salted_hmac(self.key_salt, value).hexdigest() + # The class wide key salt is not reused here since older Django + # versions had it fixed and making it dynamic would break old hashes if + # self.key_salt is changed. + key_salt = 'django.contrib.messages' + return salted_hmac(key_salt, value).hexdigest() def _encode(self, messages, encode_empty=False): """ |
