From 450a9a1477f5b9ef1195025ddd0f5d84ea04730f Mon Sep 17 00:00:00 2001
From: lachlan
Date: Mon, 26 Jul 2021 08:52:48 +1000
Subject: [PATCH] replace mt_rand with random_bytes
---
 public/templates/show_arts.inc.php | 2 +-
 src/Module/Api/Upnp_Api.php | 2 +-
 src/Module/Application/Login/DefaultAction.php | 2 +-
 src/Module/Cli/AdminAddUserCommand.php | 2 +-
 src/Module/System/Session.php | 2 +-
 src/Module/Util/OAuth/OAuthRequest.php | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/public/templates/show_arts.inc.php b/public/templates/show_arts.inc.php
index 60fe68115b3..592267530cc 100644
--- a/public/templates/show_arts.inc.php
+++ b/public/templates/show_arts.inc.php
@@ -37,7 +37,7 @@
 $j=0;
 while ($j < 5) {
 $key = $count * 5 + $j;
- $image_url = AmpConfig::get('web_path') . '/image.php?type=session&image_index=' . $key . '&cache_bust=' . date('YmdHis') . mt_rand();
+ $image_url = AmpConfig::get('web_path') . '/image.php?type=session&image_index=' . $key . '&cache_bust=' . date('YmdHis') . bin2hex(random_bytes(20);
 $dimensions = array('width' => 0, 'height' => 0);
 if (!empty($_SESSION['form']['images'][$key])) {
 $dimensions = Core::image_dimensions(Art::get_from_source($_SESSION['form']['images'][$key], $object_type));
diff --git a/src/Module/Api/Upnp_Api.php b/src/Module/Api/Upnp_Api.php
index 03d58626d6f..f4ffbd9345b 100644
--- a/src/Module/Api/Upnp_Api.php
+++ b/src/Module/Api/Upnp_Api.php
@@ -576,7 +576,7 @@ public static function createSOAPEnvelope(
 $ndTotMatches = $doc->createElement('TotalMatches', $prmTotMatches);
 $ndBrowseResp->appendChild($ndTotMatches);
 $ndUpdateID = $doc->createElement('UpdateID', $prmUpdateID); // seems to be ignored by the WDTVL
- //$ndUpdateID = $doc->createElement('UpdateID', (string) mt_rand(); // seems to be ignored by the WDTVL
+ //$ndUpdateID = $doc->createElement('UpdateID', (string) bin2hex(random_bytes(20); // seems to be ignored by the WDTVL
 $ndBrowseResp->appendChild($ndUpdateID);
 return $doc;
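Review bot: The added line in show_arts.inc.php is one closing parenthesis short: `bin2hex(random_bytes(20);` leaves `bin2hex(` open, so the template no longer parses. It should end `. bin2hex(random_bytes(20));`. The same missing `)` is on the added line of every other hunk in this patch: Upnp_Api.php (inside a comment, so harmless there), DefaultAction.php (where `$access, $state, $city` end up as arguments to `hash()` and the `if (` is left open), AdminAddUserCommand.php, Session.php and OAuthRequest.php. Running `php -l` over the six files before merging would catch all of them.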
diff --git a/src/Module/Application/Login/DefaultAction.php b/src/Module/Application/Login/DefaultAction.php
index e7fed9b0a55..1012890139e 100644
--- a/src/Module/Application/Login/DefaultAction.php
+++ b/src/Module/Application/Login/DefaultAction.php
@@ -234,7 +234,7 @@ public function run(ServerRequestInterface $request, GuiGatekeeperInterface $gat
 $city = array_key_exists('city', $auth) ? $auth['city'] : '';
 // Attempt to create the user
- if (User::create($username, $fullname, $email, $website, hash('sha256', mt_rand()), $access, $state, $city) > 0) {
+ if (User::create($username, $fullname, $email, $website, hash('sha256', bin2hex(random_bytes(20)), $access, $state, $city) > 0) {
 $user = User::get_from_username($username);
 if (array_key_exists('avatar', $auth)) {
diff --git a/src/Module/Cli/AdminAddUserCommand.php b/src/Module/Cli/AdminAddUserCommand.php
index be4d456f590..06e7da68ee8 100644
--- a/src/Module/Cli/AdminAddUserCommand.php
+++ b/src/Module/Cli/AdminAddUserCommand.php
@@ -40,7 +40,7 @@ public function __construct(
 $this->configContainer = $configContainer;
 $this
- ->option('-p|--password', T_('Password'), 'strval', mt_rand())
+ ->option('-p|--password', T_('Password'), 'strval', bin2hex(random_bytes(20))
 ->option('-e|--email', T_('E-mail'), 'strval', '')
 ->option('-w|--website', T_('Website'), 'strval', '')
 ->option('-n|--name', T_('Name'), 'strval', '')
diff --git a/src/Module/System/Session.php b/src/Module/System/Session.php
index ef0c7bccec5..f54d88ef61f 100644
--- a/src/Module/System/Session.php
+++ b/src/Module/System/Session.php
@@ -643,7 +643,7 @@ public static function create_remember_cookie($username)
 */
 public static function generateRandomToken()
 {
- return md5(uniqid((string)mt_rand(), true));
+ return md5(uniqid((string)bin2hex(random_bytes(20), true));
 }
 /**
diff --git a/src/Module/Util/OAuth/OAuthRequest.php b/src/Module/Util/OAuth/OAuthRequest.php
index 44656d0601a..2c25d746c0a 100644
--- a/src/Module/Util/OAuth/OAuthRequest.php
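Review bot: `generateRandomToken()` in Session.php still passes the new CSPRNG output through `uniqid()` and `md5()`, which adds no unpredictability to the 20 random bytes and caps the token at MD5's 128 bits. Returning the random bytes directly, `return bin2hex(random_bytes(16));`, keeps the 32-character hex format that callers may depend on and removes MD5 from a function that, judging by its name and its neighbour `create_remember_cookie()`, presumably produces authentication tokens. `generate_nonce()` in OAuthRequest.php wraps its random value in `md5($mtime . $rand)` the same way and could return `bin2hex(random_bytes(16))` as well. Both function bodies are fully visible in their hunks.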
+++ b/src/Module/Util/OAuth/OAuthRequest.php
@@ -337,7 +337,7 @@ private static function generate_timestamp()
 private static function generate_nonce()
 {
 $mtime = microtime();
- $rand = mt_rand();
+ $rand = bin2hex(random_bytes(20);
 return md5($mtime . $rand); // md5s look nicer than numbers
 }