increase randomness of shared url keys a bit
This commit is contained in:
parent
07083d9caa
commit
4c63934bac
4 changed files with 6 additions and 6 deletions
|
@ -1891,7 +1891,7 @@ class Pref_Feeds extends Handler_Protected {
|
|||
AND owner_uid = " . $owner_uid);
|
||||
|
||||
if ($this->dbh->num_rows($result) == 1) {
|
||||
$key = $this->dbh->escape_string(uniqid());
|
||||
$key = $this->dbh->escape_string(uniqid(base_convert(rand(), 10, 36)));
|
||||
|
||||
$this->dbh->query("UPDATE ttrss_access_keys SET access_key = '$key'
|
||||
WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
|
||||
|
|
|
@ -3753,7 +3753,7 @@
|
|||
if (db_num_rows($result) == 1) {
|
||||
return db_fetch_result($result, 0, "access_key");
|
||||
} else {
|
||||
$key = db_escape_string(uniqid());
|
||||
$key = db_escape_string(uniqid(base_convert(rand(), 10, 36)));
|
||||
|
||||
$result = db_query("INSERT INTO ttrss_access_keys
|
||||
(access_key, feed_id, is_cat, owner_uid)
|
||||
|
|
|
@ -407,7 +407,7 @@ class Instances extends Plugin implements IHandler {
|
|||
|
||||
print "<hr/>";
|
||||
|
||||
$access_key = uniqid();
|
||||
$access_key = uniqid(rand(), true);
|
||||
|
||||
/* Access key */
|
||||
|
||||
|
@ -439,7 +439,7 @@ class Instances extends Plugin implements IHandler {
|
|||
}
|
||||
|
||||
function genHash() {
|
||||
$hash = uniqid();
|
||||
$hash = uniqid(base_convert(rand(), 10, 36));
|
||||
|
||||
print json_encode(array("hash" => $hash));
|
||||
}
|
||||
|
|
|
@ -60,7 +60,7 @@ class Share extends Plugin {
|
|||
function newkey() {
|
||||
$id = db_escape_string($_REQUEST['id']);
|
||||
|
||||
$uuid = db_escape_string(uniqid());
|
||||
$uuid = db_escape_string(uniqid(base_convert(rand(), 10, 36)));
|
||||
|
||||
db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$id'
|
||||
AND owner_uid = " . $_SESSION['uid']);
|
||||
|
@ -91,7 +91,7 @@ class Share extends Plugin {
|
|||
$ref_id = db_fetch_result($result, 0, "ref_id");
|
||||
|
||||
if (!$uuid) {
|
||||
$uuid = db_escape_string(uniqid());
|
||||
$uuid = db_escape_string(uniqid(base_convert(rand(), 10, 36)));
|
||||
db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param'
|
||||
AND owner_uid = " . $_SESSION['uid']);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue