extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-18 11:58:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

use cryptographically secure random_int available in PHP 7+ when generating default passwords

Browse Source
This commit is contained in:
Ralf Becker 2017-02-02 15:44:40 +01:00
parent c8605a0e7d
commit ba8b1c403e
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
api/src/Auth.php
View File

@ -292,10 +292,13 @@ class Auth
$random_char = array_merge($random_char, str_split(str_replace('\\', '', self::SPECIALCHARS)), $random_char); $random_char = array_merge($random_char, str_split(str_replace('\\', '', self::SPECIALCHARS)), $random_char);
} }
// use cryptographically secure random_int available in PHP 7+
$func = function_exists('random_int') ? 'random_int' : 'mt_rand';
$s = ''; $s = '';
for ($i=0; $i < $size; $i++) for ($i=0; $i < $size; $i++)
{ {
$s .= $random_char[mt_rand(0, count($random_char)-1)]; $s .= $random_char[$func(0, count($random_char)-1)];
} }
return $s; return $s;
} }

5
doc/rpm-build/post_install.php
View File

@ -550,10 +550,13 @@ function randomstring($len=16)
'>','|','[',']','}', // dont add /\,'"{ as we have problems dealing with them '>','|','[',']','}', // dont add /\,'"{ as we have problems dealing with them
); );
// use cryptographically secure random_int available in PHP 7+
$func = function_exists('random_int') ? 'random_int' : 'mt_rand';
$str = ''; $str = '';
for($i=0; $i < $len; $i++) for($i=0; $i < $len; $i++)
{ {
$str .= $usedchars[mt_rand(0,count($usedchars)-1)]; $str .= $usedchars[$func(0,count($usedchars)-1)];
} }
return $str; return $str;
} }