aboutsummaryrefslogtreecommitdiff
path: root/app/Controllers/userController.php
diff options
context:
space:
mode:
authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2025-10-04 14:32:18 +0200
committerGravatar GitHub <noreply@github.com> 2025-10-04 14:32:18 +0200
commit57e1a375cbd2db9741ff19167813344f8eff5772 (patch)
tree741fc3820a205ab3ea84a03f6b72615dd8238f99 /app/Controllers/userController.php
parentbe49726ebb700aca030004d367c029082cfc6427 (diff)
Strengthen some crypto (#8061)
For login, tokens, nonces
Diffstat (limited to 'app/Controllers/userController.php')
-rw-r--r--app/Controllers/userController.php3
1 files changed, 1 insertions, 2 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index f820ef882..a7a79b067 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -41,8 +41,7 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController {
$userConfig->mail_login = $email;
if (FreshRSS_Context::systemConf()->force_email_validation) {
- $salt = FreshRSS_Context::systemConf()->salt;
- $userConfig->email_validation_token = sha1($salt . uniqid('' . mt_rand(), true));
+ $userConfig->email_validation_token = hash('sha256', FreshRSS_Context::systemConf()->salt . $email . random_bytes(32));
$mailer = new FreshRSS_User_Mailer();
$mailer->send_email_need_validation($user, $userConfig);
}
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-10 15:14:45 +0000