mirror of
https://git.friendi.ca/friendica/friendica.git
synced 2025-06-09 23:14:26 +02:00
Fix security vulnerbilities.
Fix possible length extension attack, predictable generators, and timing attacks on hash comparison; improve formatting.
parent
50fa119f79
commit
811cdcdfcb
8 changed files with 455 additions and 332 deletions
|
@ -3,6 +3,7 @@
|
|||
/**
|
||||
* @file src/Model/Register.php
|
||||
*/
|
||||
|
||||
namespace Friendica\Model;
|
||||
|
||||
use Friendica\Database\DBA;
|
||||
|
@ -83,7 +84,7 @@ class Register
|
|||
*/
|
||||
public static function createForInvitation()
|
||||
{
|
||||
$code = Strings::getRandomName(8) . srand(1000, 9999);
|
||||
$code = Strings::getRandomName(8) . random_int(1000, 9999);
|
||||
|
||||
$fields = [
|
||||
'hash' => $code,
|
||||
|
|
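Review bot: In `createForInvitation()` the new suffix `random_int(1000, 9999)` contributes only 9000 possible values, so the unpredictability of the invitation code still rests on `Strings::getRandomName(8)`, whose implementation is not visible in this section. If that helper is not backed by a CSPRNG, the code stays guessable. Deriving the whole token from one call, for example `$code = bin2hex(random_bytes(16));`, would remove that dependency, provided the `hash` column and any code that parses the value accept the new length, which should be confirmed. `random_int()` can also throw when no entropy source is available, so the docblock above the method (it starts outside the hunk) should carry `@throws \Exception`. The method body continues past the end of the hunk.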