Refactor update.php #44
Comments
I think that was me just being in a rush or tooling on my system being outdated, definitely no excuse for that other than bad developer.
Our downloads platform is a modified version of Akeeba Release System which only supports those hashing methods. Pending acceptance of joomla/joomla-cms#17619 it'll need to be updated anyway to support the hash mechanisms used in that PR (sha256, sha384, and sha512). Once that's all in place then we can use stronger hashes for checksum.
Agreed. But, I'm not as well versed with shell scripts as I am PHP so I went with what I knew (admittedly a lot of the shell scripting in place now is copy/paste from other resources with modifications for the workflow used here).
The other point on a PHP script is I do more of the maintenance work on this repo from a MacBook and that causes some issues compared to other Linux platforms (I have to run the
I removed
PHP is replaced by shell in #63.
The "update.php" should be refactored to address the following issues:
- CURLOPT_SSL_VERIFYPEER is disabled, which is insecure
- SHA1 checksum is also insecure and should be replaced by somewhat stronger (current API does only provide MD5 and SHA1)
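The two fixes this issue asks for, sketched in shell because the PHP script was later replaced by shell (#63). This is an added example, not code from this repository: the function names are hypothetical, and the accepted algorithms are the SHA-2 variants named in the comments (sha256, sha384, sha512).

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical and not from this repository.

# Print the lowercase hex digest of FILE under ALGO (sha256|sha384|sha512).
# MD5 and SHA-1 are refused outright instead of being silently accepted.
digest_of() {
    local algo="$1" file="$2" bits
    case "$algo" in
        sha256|sha384|sha512) bits="${algo#sha}" ;;
        *) echo "refusing hash algorithm: $algo" >&2; return 2 ;;
    esac
    if command -v "${algo}sum" >/dev/null 2>&1; then
        "${algo}sum" "$file" | cut -d' ' -f1        # GNU coreutils
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a "$bits" "$file" | cut -d' ' -f1   # perl shasum, shipped with macOS
    else
        echo "no SHA-2 tool found" >&2; return 3
    fi
}

# Return 0 only if FILE hashes to EXPECTED (hex, any case) under ALGO.
verify_checksum() {
    local algo="$1" file="$2" expected="$3" actual
    actual="$(digest_of "$algo" "$file")" || return $?
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    # An empty digest (unreadable file) must never compare equal.
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Download URL to DEST over HTTPS only, then verify the digest.
# Certificate verification is curl's default and stays on: no -k/--insecure.
# The file is deleted when the check fails so nothing unverified is left behind.
fetch_verified() {
    local url="$1" dest="$2" algo="$3" expected="$4"
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' \
         --output "$dest" "$url" || return 1
    verify_checksum "$algo" "$dest" "$expected" || { rm -f "$dest"; return 1; }
}

# Usage (placeholder URL and digest):
#   fetch_verified "https://downloads.example.invalid/pkg.tar.gz" \
#                  pkg.tar.gz sha512 "<expected-sha512-hex>"
```

The expected digest has to come from a source the download channel cannot rewrite; a checksum fetched over the same unverified connection as the package adds nothing.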