use openssl_random_pseudo_bytes, if available, to generate etemplate_exec_id, as it is used for CSRF protection too
parent
d04f204d14
commit
6d472b1592
@ -350,6 +350,24 @@ class Request
|
||||
return isset($this->data['to_process'][$form_name]);
|
||||
}
|
||||
|
||||
/**
|
||||
* creates a new unique request-id
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
static function request_id()
|
||||
{
|
||||
// As we replace spaces with + for those account ids which contain spaces, therefore we need to do the same for getting request id too.
|
||||
$userID = str_replace(' ', '+', rawurldecode($GLOBALS['egw_info']['user']['account_lid']));
|
||||
|
||||
// generate random token (using oppenssl if available otherwise mt_rand based Auth::randomstring)
|
||||
$token = function_exists('openssl_random_pseudo_bytes') ?
|
||||
base64_encode(openssl_random_pseudo_bytes(32)) :
|
||||
Auth::randomstring(44);
|
||||
|
||||
return $GLOBALS['egw_info']['flags']['currentapp'].'_'.$userID.'_'.$token;
|
||||
}
|
||||
|
||||
/**
|
||||
* magic function to set all request-vars, used eg. as $request->method = 'app.class.method';
|
||||
*
|
||||
|
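Review bot: The fallback branch of the new `request_id()` still builds the token from `Auth::randomstring(44)`, which the added comment itself describes as mt_rand based, so on installations without the openssl extension the exec id that doubles as CSRF token remains predictable. The openssl branch also passes the return value straight to `base64_encode()` without checking it for `false` or inspecting the `$crypto_strong` out-parameter. Where the supported PHP version provides it, `random_bytes(32)` is the better source; otherwise the method should fail closed, e.g. `$bytes = openssl_random_pseudo_bytes(32, $strong); if ($bytes === false || !$strong) throw new \RuntimeException('no secure random source');`. The added comment also misspells openssl as "oppenssl".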
@ -115,18 +115,6 @@ class Cache extends Etemplate\Request
|
||||
return $request;
|
||||
}
|
||||
|
||||
/**
|
||||
* creates a new unique request-id
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
static function request_id()
|
||||
{
|
||||
// As we replace spaces with + for those account ids which contain spaces, therefore we need to do the same for getting request id too.
|
||||
$userID = str_replace(' ', '+', rawurldecode($GLOBALS['egw_info']['user']['account_lid']));
|
||||
return uniqid($GLOBALS['egw_info']['flags']['currentapp'].'_'.$userID.'_',true);
|
||||
}
|
||||
|
||||
/**
|
||||
* saves content,readonlys,template-keys, ... via eGW's appsession function
|
||||
*
|
||||
|
@ -129,7 +129,7 @@ class Files extends Etemplate\Request
|
||||
{
|
||||
do
|
||||
{
|
||||
$id = uniqid('etemplate_'.$GLOBALS['egw_info']['flags']['currentapp'].'_',true);
|
||||
$id = parent::request_id();
|
||||
}
|
||||
while (file_exists(self::$directory.'/'.$id));
|
||||
|
||||
|
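Review bot: The id now comes from `parent::request_id()`, whose token is standard base64 and can therefore contain `/`, `+` and `=`, yet it is concatenated into a filesystem path in `file_exists(self::$directory.'/'.$id)`. A `/` in the token makes the path refer to a subdirectory that does not exist, so the collision check passes and whatever later writes the file (outside this hunk) would presumably fail; the id also embeds `account_lid`, which nothing on this page restricts to filename-safe characters. A filename-safe encoding in `request_id()` avoids this, e.g. `bin2hex($bytes)` or `strtr(base64_encode($bytes), '+/', '-_')`. The enclosing method starts and ends outside the hunk, and the old `etemplate_` prefix is dropped, which matters if any cleanup code matches on it.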
@ -104,19 +104,6 @@ class Session extends Etemplate\Request
|
||||
return $request;
|
||||
}
|
||||
|
||||
/**
|
||||
* creates a new request-id via microtime()
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
static function request_id()
|
||||
{
|
||||
$time = (int) (100 * microtime(true)); // gives precision of 1/100 sec
|
||||
$id = $GLOBALS['egw_info']['flags']['currentapp'] .':'. $time;
|
||||
|
||||
return $id;
|
||||
}
|
||||
|
||||
/**
|
||||
* saves content,readonlys,template-keys, ... via eGW's appsession function
|
||||
*
|
||||
|