mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Only use readable chars in Share Tokens 

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2017-07-14 14:03:25 +02:00
parent 4153e1de79
commit 984933e586
No known key found for this signature in database
GPG Key ID: E166FD8976B3BAC8
4 changed files with 5 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/dav/lib/CalDAV/CalDavBackend.php
View File

@ -1925,7 +1925,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
public function setPublishStatus($value, $calendar) { public function setPublishStatus($value, $calendar) {
$query = $this->db->getQueryBuilder(); $query = $this->db->getQueryBuilder();
if ($value) { if ($value) {
$publicUri = $this->random->generate(16, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS); $publicUri = $this->random->generate(16, ISecureRandom::CHAR_HUMAN_READABLE);
$query->insert('dav_shares') $query->insert('dav_shares')
->values([ ->values([
'principaluri' => $query->createNamedParameter($calendar->getPrincipalURI()), 'principaluri' => $query->createNamedParameter($calendar->getPrincipalURI()),

3
apps/sharebymail/lib/ShareByMailProvider.php
View File

@ -541,8 +541,7 @@ class ShareByMailProvider implements IShareProvider {
* @return string * @return string
*/ */
protected function generateToken($size = 15) { protected function generateToken($size = 15) {
$token = $this->secureRandom->generate( $token = $this->secureRandom->generate($size, ISecureRandom::CHAR_HUMAN_READABLE);
$size, ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
return $token; return $token;
} }

3
lib/private/Share/Share.php
View File

@ -913,8 +913,7 @@ class Share extends Constants {
$token = $oldToken; $token = $oldToken;
} else { } else {
$token = \OC::$server->getSecureRandom()->generate(self::TOKEN_LENGTH, $token = \OC::$server->getSecureRandom()->generate(self::TOKEN_LENGTH,
\OCP\Security\ISecureRandom::CHAR_LOWER.\OCP\Security\ISecureRandom::CHAR_UPPER. \OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
\OCP\Security\ISecureRandom::CHAR_DIGITS
); );
} }
$result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, $result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions,

8
lib/private/Share20/Manager.php
View File

@ -581,9 +581,7 @@ class Manager implements IManager {
$share->setToken( $share->setToken(
$this->secureRandom->generate( $this->secureRandom->generate(
\OC\Share\Constants::TOKEN_LENGTH, \OC\Share\Constants::TOKEN_LENGTH,
\OCP\Security\ISecureRandom::CHAR_LOWER. \OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
\OCP\Security\ISecureRandom::CHAR_UPPER.
\OCP\Security\ISecureRandom::CHAR_DIGITS
) )
); );
@ -601,9 +599,7 @@ class Manager implements IManager {
$share->setToken( $share->setToken(
$this->secureRandom->generate( $this->secureRandom->generate(
\OC\Share\Constants::TOKEN_LENGTH, \OC\Share\Constants::TOKEN_LENGTH,
\OCP\Security\ISecureRandom::CHAR_LOWER. \OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
\OCP\Security\ISecureRandom::CHAR_UPPER.
\OCP\Security\ISecureRandom::CHAR_DIGITS
) )
); );
} }