From ee5d0f328fcaaabee00f3a3fda22c49f6ab84f58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20G=C3=B6hler?=
Date: Thu, 11 Oct 2012 10:50:17 +0200
Subject: [PATCH] improve token security switched from time() to internal method OC_Util::generate_random_bytes()
---
 lib/base.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/base.php b/lib/base.php
index be93cb40e7..4dd69f3cc3 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -566,7 +566,7 @@ class OC{
 if(defined("DEBUG") && DEBUG) {
 OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
 }
- $token = md5($_POST["user"].time().$_POST['password']);
+ $token = md5($_POST["user"].OC_Util::generate_random_bytes(10).$_POST['password']);
 OC_Preferences::setValue($_POST['user'], 'login_token', $token, time());
 OC_User::setMagicInCookie($_POST["user"], $token);
 }
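Review bot: On the new `$token = md5(...)` line, the only unpredictable input is `OC_Util::generate_random_bytes(10)`, so the remember-login token is no stronger than those 10 units of randomness, while `$_POST['password']` is still mixed into a value that goes into both the cookie and `OC_Preferences`. Whether the helper returns 10 raw bytes or 10 encoded characters, and whether it draws from a cryptographically secure source, is not visible in this hunk and should be confirmed; if it yields 10 hex characters the token carries only about 40 bits. I would drop the user name, password and MD5 wrapper and use a longer random value directly, e.g. `$token = OC_Util::generate_random_bytes(32);`, provided the helper's output is safe to place in a cookie. The enclosing method starts and ends outside the hunk.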