mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-29 11:23:54 +01:00
use openssl_random_pseudo_bytes, if available, to generate etemplate_exec_id, as it is used for CSRF protection too
parent
d04f204d14
commit
6d472b1592
@ -350,6 +350,24 @@ class Request
|
|||||||
return isset($this->data['to_process'][$form_name]);
|
return isset($this->data['to_process'][$form_name]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* creates a new unique request-id
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
static function request_id()
|
||||||
|
{
|
||||||
|
// As we replace spaces with + for those account ids which contain spaces, therefore we need to do the same for getting request id too.
|
||||||
|
$userID = str_replace(' ', '+', rawurldecode($GLOBALS['egw_info']['user']['account_lid']));
|
||||||
|
|
||||||
|
// generate random token (using oppenssl if available otherwise mt_rand based Auth::randomstring)
|
||||||
|
$token = function_exists('openssl_random_pseudo_bytes') ?
|
||||||
|
base64_encode(openssl_random_pseudo_bytes(32)) :
|
||||||
|
Auth::randomstring(44);
|
||||||
|
|
||||||
|
return $GLOBALS['egw_info']['flags']['currentapp'].'_'.$userID.'_'.$token;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* magic function to set all request-vars, used eg. as $request->method = 'app.class.method';
|
* magic function to set all request-vars, used eg. as $request->method = 'app.class.method';
|
||||||
*
|
*
|
||||||
|
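Review bot: The new `request_id()` does not check the result of `openssl_random_pseudo_bytes(32)`, and its fallback is, by the hunk's own comment, the mt_rand-based `Auth::randomstring(44)`, which is not suitable for a value that doubles as a CSRF token. On PHP versions where the openssl call returns `false` on failure, `base64_encode(false)` yields an empty string, leaving an id made only of the app name and login name. I would capture the strength flag and fail closed: `$bytes = openssl_random_pseudo_bytes(32, $strong);` followed by `if ($bytes === false || !$strong) throw new \RuntimeException('no secure random source');`. If the supported PHP version allows it, `random_bytes(32)` is simpler still. The docblock should also say that the id is security-relevant and must be unpredictable, not merely unique.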
@ -115,18 +115,6 @@ class Cache extends Etemplate\Request
|
|||||||
return $request;
|
return $request;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* creates a new unique request-id
|
|
||||||
*
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
static function request_id()
|
|
||||||
{
|
|
||||||
// As we replace spaces with + for those account ids which contain spaces, therefore we need to do the same for getting request id too.
|
|
||||||
$userID = str_replace(' ', '+', rawurldecode($GLOBALS['egw_info']['user']['account_lid']));
|
|
||||||
return uniqid($GLOBALS['egw_info']['flags']['currentapp'].'_'.$userID.'_',true);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* saves content,readonlys,template-keys, ... via eGW's appsession function
|
* saves content,readonlys,template-keys, ... via eGW's appsession function
|
||||||
*
|
*
|
||||||
|
@ -129,7 +129,7 @@ class Files extends Etemplate\Request
|
|||||||
{
|
{
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
$id = uniqid('etemplate_'.$GLOBALS['egw_info']['flags']['currentapp'].'_',true);
|
$id = parent::request_id();
|
||||||
}
|
}
|
||||||
while (file_exists(self::$directory.'/'.$id));
|
while (file_exists(self::$directory.'/'.$id));
|
||||||
|
|
||||||
|
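Review bot: The id from `parent::request_id()` is used directly as a file name in `file_exists(self::$directory.'/'.$id)`, but it now ends in standard base64, whose alphabet includes `/`, and it embeds the account login name. A `/` in the token makes the path point into a sub-directory that presumably does not exist, so the uniqueness check and any later write to that path would misbehave for a large share of generated ids. Whether `account_lid` can itself contain path characters is not visible here and should be confirmed. I would produce the token in a filename-safe form in `Request::request_id()`, e.g. `bin2hex(openssl_random_pseudo_bytes(32))` or `strtr(rtrim(base64_encode($bytes), '='), '+/', '-_')`. The enclosing method starts and ends outside this hunk.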
@ -104,19 +104,6 @@ class Session extends Etemplate\Request
|
|||||||
return $request;
|
return $request;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* creates a new request-id via microtime()
|
|
||||||
*
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
static function request_id()
|
|
||||||
{
|
|
||||||
$time = (int) (100 * microtime(true)); // gives precision of 1/100 sec
|
|
||||||
$id = $GLOBALS['egw_info']['flags']['currentapp'] .':'. $time;
|
|
||||||
|
|
||||||
return $id;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* saves content,readonlys,template-keys, ... via eGW's appsession function
|
* saves content,readonlys,template-keys, ... via eGW's appsession function
|
||||||
*
|
*
|
||||||
|