replace mt_rand with random_bytes

ampache · Jul 26, 2021 · 450a9a1 · 450a9a1
1 parent 032edd7
commit 450a9a1
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 6 deletions.
diff --git a/public/templates/show_arts.inc.php b/public/templates/show_arts.inc.php
@@ -37,7 +37,7 @@
     $j=0;
     while ($j < 5) {
         $key        = $count * 5 + $j;
-        $image_url  = AmpConfig::get('web_path') . '/image.php?type=session&image_index=' . $key . '&cache_bust=' . date('YmdHis') . mt_rand();
+        $image_url  = AmpConfig::get('web_path') . '/image.php?type=session&image_index=' . $key . '&cache_bust=' . date('YmdHis') . bin2hex(random_bytes(20);
         $dimensions = array('width' => 0, 'height' => 0);
         if (!empty($_SESSION['form']['images'][$key])) {
             $dimensions = Core::image_dimensions(Art::get_from_source($_SESSION['form']['images'][$key], $object_type));

diff --git a/src/Module/Api/Upnp_Api.php b/src/Module/Api/Upnp_Api.php
@@ -576,7 +576,7 @@ public static function createSOAPEnvelope(
         $ndTotMatches = $doc->createElement('TotalMatches', $prmTotMatches);
         $ndBrowseResp->appendChild($ndTotMatches);
         $ndUpdateID = $doc->createElement('UpdateID', $prmUpdateID); // seems to be ignored by the WDTVL
-        //$ndUpdateID = $doc->createElement('UpdateID', (string) mt_rand(); // seems to be ignored by the WDTVL
+        //$ndUpdateID = $doc->createElement('UpdateID', (string) bin2hex(random_bytes(20); // seems to be ignored by the WDTVL
         $ndBrowseResp->appendChild($ndUpdateID);
 
         return $doc;

diff --git a/src/Module/Application/Login/DefaultAction.php b/src/Module/Application/Login/DefaultAction.php
@@ -234,7 +234,7 @@ public function run(ServerRequestInterface $request, GuiGatekeeperInterface $gat
                 $city     = array_key_exists('city', $auth) ? $auth['city'] : '';
 
                 // Attempt to create the user
-                if (User::create($username, $fullname, $email, $website, hash('sha256', mt_rand()), $access, $state, $city) > 0) {
+                if (User::create($username, $fullname, $email, $website, hash('sha256', bin2hex(random_bytes(20)), $access, $state, $city) > 0) {
                     $user = User::get_from_username($username);
 
                     if (array_key_exists('avatar', $auth)) {

diff --git a/src/Module/Cli/AdminAddUserCommand.php b/src/Module/Cli/AdminAddUserCommand.php
@@ -40,7 +40,7 @@ public function __construct(
         $this->configContainer = $configContainer;
 
         $this
-            ->option('-p|--password', T_('Password'), 'strval', mt_rand())
+            ->option('-p|--password', T_('Password'), 'strval', bin2hex(random_bytes(20))
             ->option('-e|--email', T_('E-mail'), 'strval', '')
             ->option('-w|--website', T_('Website'), 'strval', '')
             ->option('-n|--name', T_('Name'), 'strval', '')

diff --git a/src/Module/System/Session.php b/src/Module/System/Session.php
@@ -643,7 +643,7 @@ public static function create_remember_cookie($username)
      */
     public static function generateRandomToken()
     {
-        return md5(uniqid((string)mt_rand(), true));
+        return md5(uniqid((string)bin2hex(random_bytes(20), true));
     }
 
     /**

diff --git a/src/Module/Util/OAuth/OAuthRequest.php b/src/Module/Util/OAuth/OAuthRequest.php
@@ -337,7 +337,7 @@ private static function generate_timestamp()
     private static function generate_nonce()
     {
         $mtime = microtime();
-        $rand  = mt_rand();
+        $rand  = bin2hex(random_bytes(20);
 
         return md5($mtime . $rand); // md5s look nicer than numbers
     }