increase randomness of shared url keys a bit

This commit is contained in:
Andrew Dolgov 2014-01-17 13:41:27 +04:00
parent 07083d9caa
commit 4c63934bac
4 changed files with 6 additions and 6 deletions

View file

@ -1891,7 +1891,7 @@ class Pref_Feeds extends Handler_Protected {
AND owner_uid = " . $owner_uid); AND owner_uid = " . $owner_uid);
if ($this->dbh->num_rows($result) == 1) { if ($this->dbh->num_rows($result) == 1) {
$key = $this->dbh->escape_string(uniqid()); $key = $this->dbh->escape_string(uniqid(base_convert(rand(), 10, 36)));
$this->dbh->query("UPDATE ttrss_access_keys SET access_key = '$key' $this->dbh->query("UPDATE ttrss_access_keys SET access_key = '$key'
WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat

View file

@ -3753,7 +3753,7 @@
if (db_num_rows($result) == 1) { if (db_num_rows($result) == 1) {
return db_fetch_result($result, 0, "access_key"); return db_fetch_result($result, 0, "access_key");
} else { } else {
$key = db_escape_string(uniqid()); $key = db_escape_string(uniqid(base_convert(rand(), 10, 36)));
$result = db_query("INSERT INTO ttrss_access_keys $result = db_query("INSERT INTO ttrss_access_keys
(access_key, feed_id, is_cat, owner_uid) (access_key, feed_id, is_cat, owner_uid)

View file

@ -407,7 +407,7 @@ class Instances extends Plugin implements IHandler {
print "<hr/>"; print "<hr/>";
$access_key = uniqid(); $access_key = uniqid(rand(), true);
/* Access key */ /* Access key */
@ -439,7 +439,7 @@ class Instances extends Plugin implements IHandler {
} }
function genHash() { function genHash() {
$hash = uniqid(); $hash = uniqid(base_convert(rand(), 10, 36));
print json_encode(array("hash" => $hash)); print json_encode(array("hash" => $hash));
} }

View file

@ -60,7 +60,7 @@ class Share extends Plugin {
function newkey() { function newkey() {
$id = db_escape_string($_REQUEST['id']); $id = db_escape_string($_REQUEST['id']);
$uuid = db_escape_string(uniqid()); $uuid = db_escape_string(uniqid(base_convert(rand(), 10, 36)));
db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$id' db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$id'
AND owner_uid = " . $_SESSION['uid']); AND owner_uid = " . $_SESSION['uid']);
@ -91,7 +91,7 @@ class Share extends Plugin {
$ref_id = db_fetch_result($result, 0, "ref_id"); $ref_id = db_fetch_result($result, 0, "ref_id");
if (!$uuid) { if (!$uuid) {
$uuid = db_escape_string(uniqid()); $uuid = db_escape_string(uniqid(base_convert(rand(), 10, 36)));
db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param' db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param'
AND owner_uid = " . $_SESSION['uid']); AND owner_uid = " . $_SESSION['uid']);
} }