From: Nathan Yergler <nathan@yergler.net>
Date: Sat, 1 Oct 2011 21:24:49 +0000 (-0700)
Subject: #361: Removing additional secret key, per CW's request.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=9202e5a1e15183b134fa15c4e1290dea8ed2acbe;p=mediagoblin.git

#361: Removing additional secret key, per CW's request.
---

diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini
index 37fe7130..298a6951 100644
--- a/mediagoblin/config_spec.ini
+++ b/mediagoblin/config_spec.ini
@@ -42,7 +42,6 @@ celery_setup_elsewhere = boolean(default=False)
 allow_attachments = boolean(default=False)
 
 # Cookie stuff
-secret_key = string(default="Something Super Duper Secrit!")
 csrf_cookie_name = string(default='mediagoblin_nonce')
 
 [storage:publicstore]
diff --git a/mediagoblin/middleware/csrf.py b/mediagoblin/middleware/csrf.py
index d41bcd87..44b799d5 100644
--- a/mediagoblin/middleware/csrf.py
+++ b/mediagoblin/middleware/csrf.py
@@ -106,7 +106,7 @@ class CsrfMiddleware(object):
 
         return hashlib.md5("%s%s" %
                            (randrange(0, self.MAX_CSRF_KEY),
-                            mg_globals.app_config['secret_key'])).hexdigest()
+                            randrange(0, self.MAX_CSRF_KEY))).hexdigest()
 
     def verify_tokens(self, request):
         """Verify that the CSRF Cookie exists and that it matches the