From 931e6215495b480ae79288b58ec05a57f8a111db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hanno=20B=C3=B6ck?=
Date: Mon, 1 Feb 2021 10:57:42 +0100
Subject: [PATCH] Replace token generation with hash and uniqid with secure random numbers from random_bytes

---
 include/functions.inc.php | 2 +-
 include/functions_comments.inc.php | 4 ++--
 include/functions_config.inc.php | 2 +-
 include/plugin_api.inc.php | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/functions.inc.php b/include/functions.inc.php
index 4a2c203a..54b976c7 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -530,7 +530,7 @@ function serendipity_sendMail($to, $subject, $message, $fromMail, $headers = NUL
 $maildata['headers'][] = 'X-Mailer: ' . $maildata['version'];
 $maildata['headers'][] = 'X-Engine: PHP/'. phpversion();
 }
- $maildata['headers'][] = 'Message-ID: <'. md5(microtime() . uniqid(time())) .'@'. $_SERVER['HTTP_HOST'] .'>';
+ $maildata['headers'][] = 'Message-ID: <'. bin2hex(random_bytes(16)) .'@'. $_SERVER['HTTP_HOST'] .'>';
 $maildata['headers'][] = 'MIME-Version: 1.0';
 $maildata['headers'][] = 'Precedence: bulk';
 $maildata['headers'][] = 'Content-Type: text/plain; charset=' . LANG_CHARSET;
diff --git a/include/functions_comments.inc.php b/include/functions_comments.inc.php
index 5404afb6..34b0a2ec 100644
--- a/include/functions_comments.inc.php
+++ b/include/functions_comments.inc.php
@@ -842,7 +842,7 @@ function serendipity_insertComment($id, $commentInfo, $type = 'NORMAL', $source
 $subscribe = 'false';
 }
- $dbhash = md5(uniqid(rand(), true));
+ $dbhash = bin2hex(random_bytes(16));
 if ($status == 'confirm') {
 $dbstatus = 'confirm' . $dbhash;
@@ -1230,7 +1230,7 @@ function serendipity_generateCToken($cid) {
 global $serendipity;
- $ctoken = md5(uniqid(rand(),1));
+ $ctoken = bin2hex(random_bytes(16));
 //Delete any comment tokens older than 1 week.
 serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options 
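Review bot: The new Message-ID line calls random_bytes(), which throws (`Exception`, or `Random\RandomException` on PHP 8.2+) when no CSPRNG source is available, so a mail send can now abort with an uncaught exception where the old md5(uniqid()) expression could not; the same applies to the `$dbhash`, `$ctoken`, `$hash` and `$id` lines in the other hunks of this patch. Since a Message-ID only needs uniqueness, decide the failure mode explicitly rather than by accident: either document it with `@throws \Exception when no secure randomness source is available` on serendipity_sendMail's docblock, or catch it at this one call site and fail the send with a clear error. If the project still supports PHP before 7.0, random_bytes() also needs a polyfill; the version requirement is not visible from the hunk. serendipity_sendMail's body starts and ends outside the hunk.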
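Review bot: The `$dbhash = bin2hex(random_bytes(16));` line preserves the 32-character width of the md5() value it replaces, which matters because `$dbstatus = 'confirm' . $dbhash` two lines below is stored as a status value, presumably in a fixed-width column; that equivalence is implicit and easy to break on a later edit (the `$ctoken` hunk in the same file has the same property). Suggest a comment on the new line: `// 16 random bytes -> 32 hex chars, same width as the md5() value this replaces`. serendipity_insertComment's body starts and ends outside the hunk.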
diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php
index be53e2e2..25dc90d8 100644
--- a/include/functions_config.inc.php
+++ b/include/functions_config.inc.php
@@ -502,7 +502,7 @@ function serendipity_checkAutologin($user) {
 * Set a session cookie which can identify a user across http/https boundaries
 */
 function serendipity_setAuthorToken() {
- $hash = sha1(uniqid(rand(), true));
+ $hash = bin2hex(random_bytes(20));
 serendipity_setCookie('author_token', $hash);
 $_SESSION['author_token'] = $hash;
 }
diff --git a/include/plugin_api.inc.php b/include/plugin_api.inc.php
index b89b96fe..43dca2f4 100644
--- a/include/plugin_api.inc.php
+++ b/include/plugin_api.inc.php
@@ -228,7 +228,7 @@ class serendipity_plugin_api {
 global $serendipity;
- $id = md5(uniqid(''));
+ $id = bin2hex(random_bytes(16));
 $key = $plugin_class_id . ':' . $id;
 $key = serendipity_db_escape_string($key);
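Review bot: The `$hash = bin2hex(random_bytes(20));` line keeps the 40-character width of the sha1() token it replaces, but nothing in the hunk records that, and the docblock above serendipity_setAuthorToken still describes only the cookie's purpose. Suggest extending the docblock with `@throws \Exception when no secure randomness source is available` and adding on the new line `// 20 random bytes -> 40 hex chars, same width as the previous sha1() token`. Because the value is written both to the cookie and to `$_SESSION['author_token']`, the code that later compares the two (outside this hunk, so I cannot confirm it) should use hash_equals() rather than `==`/`===`, and the cookie attributes are decided inside serendipity_setCookie, also outside the hunk.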