Changeset 59532 for trunk/tests/phpunit/tests/avatar.php

Timestamp:

12/17/2024 11:56:28 PM (6 months ago)

Author:

SergeyBiryukov

Message:

Privacy: Use SHA-256 hashing algorithm for Gravatar.

This aims to improve privacy by switching to a more secure algorithm, as an MD5 string can be reversed.

Follow-up to [6748], [31107].

Props henry.wright, jucaduca, haozi, desrosj, dd32, SergeyBiryukov.
See #60638.

File:

• trunk/tests/phpunit/tests/avatar.php (modified) (3 diffs)

trunk/tests/phpunit/tests/avatar.php

@@ -12 +12 @@
     public function test_get_avatar_url_gravatar_url() {
         $url = get_avatar_url( 1 );
-        $this->assertSame( preg_match( '|^https?://secure.gravatar.com/avatar/[0-9a-f]{32}\?|', $url ), 1 );
+        $this->assertSame( preg_match( '|^https?://secure.gravatar.com/avatar/[0-9a-f]{64}\?|', $url ), 1 );
     }
 
@@ -91 +91 @@
         $this->assertSame( $url, $url2 );
 
+        $url2 = get_avatar_url( hash( 'sha256', WP_TESTS_EMAIL ) . '@sha256.gravatar.com' );
+        $this->assertSame( $url, $url2 );
+
         $url2 = get_avatar_url( md5( WP_TESTS_EMAIL ) . '@md5.gravatar.com' );
-        $this->assertSame( $url, $url2 );
+        $this->assertSame( preg_match( '|^https?://secure.gravatar.com/avatar/[0-9a-f]{32}\?|', $url2 ), 1 );
 
         $user = get_user_by( 'id', 1 );
@@ -268 +271 @@
 
         $this->assertTrue( is_avatar_comment_type( $comment_type ) );
-        $this->assertMatchesRegularExpression( '|^https?://secure.gravatar.com/avatar/[0-9a-f]{32}\?|', $actual_data['url'] );
+        $this->assertMatchesRegularExpression( '|^https?://secure.gravatar.com/avatar/[0-9a-f]{64}\?|', $actual_data['url'] );
     }