From b28c45c84c259d3acada451a0eadf43f407055a1 Mon Sep 17 00:00:00 2001
From: Denis Flaven
Date: Wed, 14 Mar 2018 16:25:00 +0000
Subject: [PATCH] =?UTF-8?q?N=C2=B01354:=20use=20only=20hashed=20server=20s?= =?UTF-8?q?ide=20information=20as=20the=20local=20storage=20identifier.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

SVN:trunk[5428]
---
 core/config.class.inc.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/config.class.inc.php b/core/config.class.inc.php
index 54c941ad13..1059d8078f 100644
--- a/core/config.class.inc.php
+++ b/core/config.class.inc.php
@@ -1089,13 +1089,14 @@ class Config
 /**
 * @return string identifier that can be used for example to name WebStorage/SessionStorage keys (they
 * are related to a whole domain, and a domain can host multiple itop)
+ * Beware: do not expose server side information to the client !
 */
 public function GetItopInstanceid()
 {
- return utils::GetAbsoluteUrlAppRoot()
+ return md5(utils::GetAbsoluteUrlAppRoot()
 .'==='.$this->Get('db_host')
 .'/'.$this->Get('db_name')
- .'/'.$this->Get('db_subname');
+ .'/'.$this->Get('db_subname'));
 }

 public function GetDescription($sPropCode)
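Review bot: The `md5(...)` now returned by `GetItopInstanceid()` is an unkeyed digest of the app root URL, which the client already knows, plus `db_host`, `db_name` and `db_subname`. Anyone who can read the storage key can therefore still confirm guesses for those three values offline, so the raw strings are hidden but the information is not fully withheld. If the identifier only has to be stable and unique per instance, a keyed digest avoids that, e.g. `return hash_hmac('sha256', $sInstanceData, $sServerSecret);`, where `$sServerSecret` is a placeholder for a per-installation secret that never leaves the server. The new docblock line would be more useful to the next maintainer as `* The returned value is sent to the browser: it must never contain raw configuration values (DB host, DB name, ...).` Keys already written under the old plain-text identifier presumably stay in users' browsers until cleared, which nothing visible in this hunk addresses.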