Warning, /webapps/ocs-apiserver/library/HTMLPurifier/ConfigSchema/schema/URI.MungeSecretKey.txt is written in an unsupported language. File is not indexed.
0001 URI.MungeSecretKey
0002 TYPE: string/null
0003 VERSION: 3.1.1
0004 DEFAULT: NULL
0005 --DESCRIPTION--
0006 <p>
0007 This directive enables secure checksum generation along with %URI.Munge.
0008 It should be set to a secure key that is not shared with anyone else.
0009 The checksum can be placed in the URI using %t. Use of this checksum
0010 affords an additional level of protection by allowing a redirector
0011 to check if a URI has passed through HTML Purifier with this line:
0012 </p>
0013
0014 <pre>$checksum === hash_hmac("sha256", $url, $secret_key)</pre>
0015
0016 <p>
0017 If the output is TRUE, the redirector script should accept the URI.
0018 </p>
0019
0020 <p>
0021 Please note that it would still be possible for an attacker to procure
0022 secure hashes en-mass by abusing your website's Preview feature or the
0023 like, but this service affords an additional level of protection
0024 that should be combined with website blacklisting.
0025 </p>
0026
0027 <p>
0028 Remember this has no effect if %URI.Munge is not on.
0029 </p>
0030 --# vim: et sw=4 sts=4