| author | 2022-01-30 15:53:17 +0100 | |
|---|---|---|
| committer | 2022-01-30 15:53:17 +0100 | |
| commit | 47e242aa77bb8583e8716023c4bcef0462891ebd (patch) | |
| tree | 05ca76b2459db75c9ae3236acbc6ec711fb5c7dd /app | |
| parent | 24afafb74d422bd8d7526719046253279cb7e713 (diff) | |
Fix ctype_alnum (#4182)
* Fix ctype_alnum
#fix https://github.com/FreshRSS/FreshRSS/issues/4180
Ensure `ctype_alnum()` gets a string
* Changelog
Diffstat (limited to 'app')
| -rw-r--r-- | app/Controllers/authController.php | 2 | ||||
| -rw-r--r-- | app/Controllers/userController.php | 2 | ||||
| -rw-r--r-- | app/Models/FormAuth.php | 6 |
3 files changed, 5 insertions, 5 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index 27a7b4ac8..2bcf4eae7 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -117,7 +117,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 Minz_Session::_param('POST_to_GET');
 if ($isPOST) {
- $nonce = Minz_Session::param('nonce');
+ $nonce = Minz_Session::param('nonce', '');
 $username = Minz_Request::param('username', '');
 $challenge = Minz_Request::param('challenge', '');
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index f5db8b93b..06dbab9fa 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -538,7 +538,7 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController {
 $ok = true;
 if ($self_deletion) {
 // We check the password if it’s a self-destruction
- $nonce = Minz_Session::param('nonce');
+ $nonce = Minz_Session::param('nonce', '');
 $challenge = Minz_Request::param('challenge', '');
 $ok &= FreshRSS_FormAuth::checkCredentials(
diff --git a/app/Models/FormAuth.php b/app/Models/FormAuth.php
index d6da637d1..653eba04b 100644
--- a/app/Models/FormAuth.php
+++ b/app/Models/FormAuth.php
@@ -1,7 +1,7 @@
 <?php
 class FreshRSS_FormAuth {
- public static function checkCredentials($username, $hash, $nonce, $challenge) {
+ public static function checkCredentials(string $username, string $hash, string $nonce, string $challenge): bool {
 if (!FreshRSS_user_Controller::checkUsername($username) ||
 !ctype_graph($hash) ||
 !ctype_graph($challenge) ||
@@ -36,7 +36,7 @@ class FreshRSS_FormAuth {
 return [];
 }
- private static function renewCookie($token) {
+ private static function renewCookie(string $token) {
 $token_file = DATA_PATH . '/tokens/' . $token . '.txt';
 if (touch($token_file)) {
 $limits = FreshRSS_Context::$system_conf->limits;
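Review bot: `$username` and `$challenge` on the two lines after the changed one still come straight from `Minz_Request::param()`, and with the `string` hints this commit adds to `FreshRSS_FormAuth::checkCredentials()` a non-string value there would raise a `TypeError` instead of producing a failed login. Whether `Minz_Request::param()` can return an array for an array-valued form field is not visible here, so this is worth confirming. If it can, normalising before the call keeps the failure path an ordinary rejection, e.g. `$username = is_string($username) ? $username : '';` and the same for `$challenge`. The same applies to `$challenge` in the userController.php hunk, where the call to `checkCredentials(` is visible; both enclosing actions continue outside their hunks.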
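Review bot: `renewCookie()` concatenates `$token` into `DATA_PATH . '/tokens/' . $token . '.txt'` and hands the result to `touch()`, and the new `string` hint constrains the type but not the characters. Any validation of the token happens in the caller, which is outside this hunk; if that is the only guard, I would state the precondition in a docblock or repeat it locally with `if (!ctype_alnum($token)) { return false; }` so a value containing path separators can never reach the filesystem call. The signature also received no return type, unlike `checkCredentials(): bool`, and the same is true of `makeCookie()` in the next hunk. The function body continues outside the hunk.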
@@ -48,7 +48,7 @@ class FreshRSS_FormAuth {
 return false;
 }
- public static function makeCookie($username, $password_hash) {
+ public static function makeCookie(string $username, string $password_hash) {
 do {
 $token = sha1(FreshRSS_Context::$system_conf->salt . $username . uniqid('' . mt_rand(), true));
 $token_file = DATA_PATH . '/tokens/' . $token . '.txt'; |
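Review bot: The token built on the `sha1(...)` line of `makeCookie()` takes its per-call randomness from `mt_rand()` and `uniqid()`, neither of which is a cryptographically secure source, so the token's unpredictability rests entirely on the secrecy of `system_conf->salt`. Since the token names a file under `DATA_PATH . '/tokens/'` and appears to act as a long-lived login credential, I would draw it from the CSPRNG instead: `$token = bin2hex(random_bytes(20));` keeps the 40-character hex shape that `sha1()` produces. The `do { ... }` loop and the rest of the function continue outside the hunk, so any format check applied to the token elsewhere should be confirmed against the new value.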
