Merge branch 'dev' into beta

author: Marien Fressinaud <dev@marienfressinaud.fr> 2015-11-04 20:17:29 +0100
committer: Marien Fressinaud <dev@marienfressinaud.fr> 2015-11-04 20:17:29 +0100
commit: a1267baa0b1caa801547ee674d9bb03c4b15d00b (patch)
tree: 78c5567578751752a3623574cbd768e602a46754 /app/Controllers/javascriptController.php
parent: 133e369afff02e5984fe4ce5109e33fd2fbccfc7 (diff)
parent: 4525e547faa8781e37f86125110f28248eb67fd3 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/app/Controllers/javascriptController.php b/app/Controllers/javascriptController.php
index 421cf6f72..e3ae3669e 100755
--- a/app/Controllers/javascriptController.php
+++ b/app/Controllers/javascriptController.php
@@ -43,7 +43,12 @@ class FreshRSS_javascript_Controller extends Minz_ActionController {
 		} else {
 			Minz_Log::notice('Nonce failure due to invalid username!');
 		}
-		$this->view->nonce = '';	//Failure
-		$this->view->salt1 = '';
+		//Failure: Return random data.
+		$this->view->salt1 = sprintf('$2a$%02d$', FreshRSS_user_Controller::BCRYPT_COST);
+		$alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+		for ($i = 22; $i > 0; $i--) {
+			$this->view->salt1 .= $alphabet[rand(0, 63)];
+		}
+		$this->view->nonce = sha1(rand());
 	}
 }
author	Marien Fressinaud <dev@marienfressinaud.fr>	2015-11-04 20:17:29 +0100
committer	Marien Fressinaud <dev@marienfressinaud.fr>	2015-11-04 20:17:29 +0100
commit	a1267baa0b1caa801547ee674d9bb03c4b15d00b (patch)
tree	78c5567578751752a3623574cbd768e602a46754 /app/Controllers/javascriptController.php
parent	133e369afff02e5984fe4ce5109e33fd2fbccfc7 (diff)
parent	4525e547faa8781e37f86125110f28248eb67fd3 (diff)