magento
diff --git a/‎app/code/Magento/AdminNotification/Model/System/Message/Baseurl.php
Lines changed: 2 additions & 0 deletions b/‎app/code/Magento/AdminNotification/Model/System/Message/Baseurl.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/code/Magento/AdminNotification/Model/System/Message/CacheOutdated.php
Lines changed: 2 additions & 0 deletions b/‎app/code/Magento/AdminNotification/Model/System/Message/CacheOutdated.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/code/Magento/AsynchronousOperations/Model/ResourceModel/System/Message/Collection/Synchronized/Plugin.php
Lines changed: 2 additions & 0 deletions b/‎app/code/Magento/AsynchronousOperations/Model/ResourceModel/System/Message/Collection/Synchronized/Plugin.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/code/Magento/Backend/Test/Mftf/Helper/CurlHelpers.php
Lines changed: 2 additions & 0 deletions b/‎app/code/Magento/Backend/Test/Mftf/Helper/CurlHelpers.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/code/Magento/Catalog/Block/Navigation.php
Lines changed: 2 additions & 0 deletions b/‎app/code/Magento/Catalog/Block/Navigation.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/code/Magento/Catalog/Controller/Adminhtml/Product/Attribute.php
Lines changed: 2 additions & 0 deletions b/‎app/code/Magento/Catalog/Controller/Adminhtml/Product/Attribute.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/code/Magento/Catalog/Model/Product/Option/Type/File/ValidatorFile.php
Lines changed: 1 addition & 1 deletion b/‎app/code/Magento/Catalog/Model/Product/Option/Type/File/ValidatorFile.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/code/Magento/Catalog/Model/Product/Option/Type/File/ValidatorInfo.php
Lines changed: 1 addition & 1 deletion b/‎app/code/Magento/Catalog/Model/Product/Option/Type/File/ValidatorInfo.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/code/Magento/Catalog/Model/Webapi/Product/Option/Type/File/Processor.php
Lines changed: 1 addition & 1 deletion b/‎app/code/Magento/Catalog/Model/Webapi/Product/Option/Type/File/Processor.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/edit/serializer.phtml
Lines changed: 5 additions & 1 deletion b/‎app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/edit/serializer.phtml
Lines changed: 5 additions & 1 deletion
@@ -101,6 +101,8 @@ protected function _getConfigUrl()
      */
     public function getIdentity()
     {
+        // md5() here is not for cryptographic use.
+        // phpcs:ignore Magento2.Security.InsecureFunction
         return md5('BASE_URL' . $this->_getConfigUrl());
     }
 
 
@@ -62,6 +62,8 @@ protected function _getCacheTypesForRefresh()
      */
     public function getIdentity()
     {
+        // md5() here is not for cryptographic use.
+        // phpcs:ignore Magento2.Security.InsecureFunction
         return md5('cache' . implode(':', $this->_getCacheTypesForRefresh()));
     }
 
 
@@ -108,6 +108,8 @@ public function afterToArray(
                     'data' => [
                         'text' => __('Task "%1": ', $bulk->getDescription()) . $text,
                         'severity' => \Magento\Framework\Notification\MessageInterface::SEVERITY_MAJOR,
+                        // md5() here is not for cryptographic use.
+                        // phpcs:ignore Magento2.Security.InsecureFunction
                         'identity' => md5('bulk' . $bulkUuid),
                         'uuid' => $bulkUuid,
                         'status' => $bulkStatus,
 
@@ -49,6 +49,8 @@ public function assertImageContentIsEqual($url, $expectedString, $postBody = nul
         $imageContent = $this->getCurlResponse($url, $cookie, $postBody);
         // Must make request twice until bug is resolved: B2B-1789
         $imageContent = $this->getCurlResponse($url, $cookie, $postBody);
+        // md5() here is not for cryptographic use.
+        // phpcs:ignore Magento2.Security.InsecureFunction
         $imageContentMD5 = md5($imageContent);
         $this->assertStringContainsString($expectedString, $imageContentMD5, $message);
     }
 
@@ -152,6 +152,8 @@ public function getCacheKeyInfo()
 
         $shortCacheId = array_values($shortCacheId);
         $shortCacheId = implode('|', $shortCacheId);
+        // md5() here is not for cryptographic use.
+        // phpcs:ignore Magento2.Security.InsecureFunction
         $shortCacheId = md5($shortCacheId);
 
         $cacheId['category_path'] = $this->getCurrentCategoryKey();
 
@@ -126,6 +126,8 @@ protected function generateCode($label)
         );
         $validatorAttrCode = new \Zend_Validate_Regex(['pattern' => '/^[a-z][a-z_0-9]{0,29}[a-z0-9]$/']);
         if (!$validatorAttrCode->isValid($code)) {
+            // md5() here is not for cryptographic use.
+            // phpcs:ignore Magento2.Security.InsecureFunction
             $code = 'attr_' . ($code ?: substr(md5(time()), 0, 8));
         }
         return $code;
 
@@ -213,7 +213,7 @@ public function validate($processingParams, $option)
                 }
             }
 
-            $fileHash = md5($tmpDirectory->readFile($tmpDirectory->getRelativePath($fileInfo['tmp_name'])));
+            $fileHash = hash('sha256', $tmpDirectory->readFile($tmpDirectory->getRelativePath($fileInfo['tmp_name'])));
 
             $userValue = [
                 'type' => $fileInfo['type'],
 
@@ -125,7 +125,7 @@ public function validate($optionValue, $option)
      */
     protected function buildSecretKey($fileRelativePath)
     {
-        return substr(md5($this->rootDirectory->readFile($fileRelativePath)), 0, 20);
+        return substr(hash('sha256', $this->rootDirectory->readFile($fileRelativePath)), 0, 20);
     }
 
     /**
 
@@ -59,7 +59,7 @@ public function processFileContent(ImageContentInterface $imageContent)
         $filePath = $this->saveFile($imageContent);
 
         $fileAbsolutePath = $this->filesystem->getDirectoryRead(DirectoryList::MEDIA)->getAbsolutePath($filePath);
-        $fileHash = md5($this->filesystem->getDirectoryRead(DirectoryList::MEDIA)->readFile($filePath));
+        $fileHash = hash('sha256', $this->filesystem->getDirectoryRead(DirectoryList::MEDIA)->readFile($filePath));
         $imageSize = getimagesize($fileAbsolutePath);
         $result = [
             'type' => $imageContent->getType(),
 
@@ -8,7 +8,11 @@
 ?>
 
 // phpcs:disable Magento2.Security.InsecureFunction.DiscouragedWithAlternative
-<?php $_id = 'id_' . md5(microtime()) ?>
+<?php
+// md5() here is not for cryptographic use.
+// phpcs:ignore Magento2.Security.InsecureFunction
+$_id = 'id_' . md5(microtime())
+?>
 <input type="hidden"
        name="<?= $block->escapeHtmlAttr($block->getInputElementName()) ?>"
        value=""
Original file line number	Diff line number	Diff line change
`@@ -101,6 +101,8 @@ protected function _getConfigUrl()`
`101`	`101`	`*/`
`102`	`102`	`public function getIdentity()`
`103`	`103`	`{`
	`104`	`+ // md5() here is not for cryptographic use.`
	`105`	`+ // phpcs:ignore Magento2.Security.InsecureFunction`
`104`	`106`	`return md5('BASE_URL' . $this->_getConfigUrl());`
`105`	`107`	`}`
`106`	`108`
Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,8 @@ protected function _getCacheTypesForRefresh()`
`62`	`62`	`*/`
`63`	`63`	`public function getIdentity()`
`64`	`64`	`{`
	`65`	`+ // md5() here is not for cryptographic use.`
	`66`	`+ // phpcs:ignore Magento2.Security.InsecureFunction`
`65`	`67`	`return md5('cache' . implode(':', $this->_getCacheTypesForRefresh()));`
`66`	`68`	`}`
`67`	`69`
Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,8 @@ public function assertImageContentIsEqual($url, $expectedString, $postBody = nul`
`49`	`49`	`$imageContent = $this->getCurlResponse($url, $cookie, $postBody);`
`50`	`50`	`// Must make request twice until bug is resolved: B2B-1789`
`51`	`51`	`$imageContent = $this->getCurlResponse($url, $cookie, $postBody);`
	`52`	`+ // md5() here is not for cryptographic use.`
	`53`	`+ // phpcs:ignore Magento2.Security.InsecureFunction`
`52`	`54`	`$imageContentMD5 = md5($imageContent);`
`53`	`55`	`$this->assertStringContainsString($expectedString, $imageContentMD5, $message);`
`54`	`56`	`}`
Original file line number	Diff line number	Diff line change
`@@ -126,6 +126,8 @@ protected function generateCode($label)`
`126`	`126`	`);`
`127`	`127`	`$validatorAttrCode = new \Zend_Validate_Regex(['pattern' => '/^[a-z][a-z_0-9]{0,29}[a-z0-9]$/']);`
`128`	`128`	`if (!$validatorAttrCode->isValid($code)) {`
	`129`	`+ // md5() here is not for cryptographic use.`
	`130`	`+ // phpcs:ignore Magento2.Security.InsecureFunction`
`129`	`131`	`$code = 'attr_' . ($code ?: substr(md5(time()), 0, 8));`
`130`	`132`	`}`
`131`	`133`	`return $code;`
Original file line number	Diff line number	Diff line change
`@@ -213,7 +213,7 @@ public function validate($processingParams, $option)`
`213`	`213`	`}`
`214`	`214`	`}`
`215`	`215`
`216`		`- $fileHash = md5($tmpDirectory->readFile($tmpDirectory->getRelativePath($fileInfo['tmp_name'])));`
	`216`	`+ $fileHash = hash('sha256', $tmpDirectory->readFile($tmpDirectory->getRelativePath($fileInfo['tmp_name'])));`
`217`	`217`
`218`	`218`	`$userValue = [`
`219`	`219`	`'type' => $fileInfo['type'],`
Original file line number	Diff line number	Diff line change
`@@ -125,7 +125,7 @@ public function validate($optionValue, $option)`
`125`	`125`	`*/`
`126`	`126`	`protected function buildSecretKey($fileRelativePath)`
`127`	`127`	`{`
`128`		`- return substr(md5($this->rootDirectory->readFile($fileRelativePath)), 0, 20);`
	`128`	`+ return substr(hash('sha256', $this->rootDirectory->readFile($fileRelativePath)), 0, 20);`
`129`	`129`	`}`
`130`	`130`
`131`	`131`	`/**`