From 984933e5866c280eee34a8c2e16b0edcc94ac4d0 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Fri, 14 Jul 2017 14:03:25 +0200 Subject: [PATCH] Only use readable chars in Share Tokens Signed-off-by: Joas Schilling --- apps/dav/lib/CalDAV/CalDavBackend.php | 2 +- apps/sharebymail/lib/ShareByMailProvider.php | 3 +-- lib/private/Share/Share.php | 3 +-- lib/private/Share20/Manager.php | 8 ++------ 4 files changed, 5 insertions(+), 11 deletions(-) diff --git a/apps/dav/lib/CalDAV/CalDavBackend.php b/apps/dav/lib/CalDAV/CalDavBackend.php index 7fe18cd865..0193d3c2aa 100644 --- a/apps/dav/lib/CalDAV/CalDavBackend.php +++ b/apps/dav/lib/CalDAV/CalDavBackend.php @@ -1925,7 +1925,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription public function setPublishStatus($value, $calendar) { $query = $this->db->getQueryBuilder(); if ($value) { - $publicUri = $this->random->generate(16, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS); + $publicUri = $this->random->generate(16, ISecureRandom::CHAR_HUMAN_READABLE); $query->insert('dav_shares') ->values([ 'principaluri' => $query->createNamedParameter($calendar->getPrincipalURI()), diff --git a/apps/sharebymail/lib/ShareByMailProvider.php b/apps/sharebymail/lib/ShareByMailProvider.php index f4db83ea3c..a17c34da5d 100644 --- a/apps/sharebymail/lib/ShareByMailProvider.php +++ b/apps/sharebymail/lib/ShareByMailProvider.php @@ -541,8 +541,7 @@ class ShareByMailProvider implements IShareProvider { * @return string */ protected function generateToken($size = 15) { - $token = $this->secureRandom->generate( - $size, ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS); + $token = $this->secureRandom->generate($size, ISecureRandom::CHAR_HUMAN_READABLE); return $token; } diff --git a/lib/private/Share/Share.php b/lib/private/Share/Share.php index dc96d856ba..8938c6f306 100644 --- a/lib/private/Share/Share.php +++ b/lib/private/Share/Share.php @@ -913,8 +913,7 @@ class Share extends Constants { $token = $oldToken; } else { $token = \OC::$server->getSecureRandom()->generate(self::TOKEN_LENGTH, - \OCP\Security\ISecureRandom::CHAR_LOWER.\OCP\Security\ISecureRandom::CHAR_UPPER. - \OCP\Security\ISecureRandom::CHAR_DIGITS + \OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE ); } $result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 7c39733ce2..03c900d36c 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -581,9 +581,7 @@ class Manager implements IManager { $share->setToken( $this->secureRandom->generate( \OC\Share\Constants::TOKEN_LENGTH, - \OCP\Security\ISecureRandom::CHAR_LOWER. - \OCP\Security\ISecureRandom::CHAR_UPPER. - \OCP\Security\ISecureRandom::CHAR_DIGITS + \OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE ) ); @@ -601,9 +599,7 @@ class Manager implements IManager { $share->setToken( $this->secureRandom->generate( \OC\Share\Constants::TOKEN_LENGTH, - \OCP\Security\ISecureRandom::CHAR_LOWER. - \OCP\Security\ISecureRandom::CHAR_UPPER. - \OCP\Security\ISecureRandom::CHAR_DIGITS + \OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE ) ); }