Diffstat (limited to 'app/Controllers/javascriptController.php')
| -rw-r--r-- | app/Controllers/javascriptController.php | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/app/Controllers/javascriptController.php b/app/Controllers/javascriptController.php
index 1370c00c7..eda468dff 100644
--- a/app/Controllers/javascriptController.php
+++ b/app/Controllers/javascriptController.php
@@ -74,12 +74,11 @@ class FreshRSS_javascript_Controller extends FreshRSS_ActionController {
 $user_conf = get_user_configuration($user);
 if ($user_conf !== null) {
 try {
- $salt = FreshRSS_Context::systemConf()->salt;
 $s = $user_conf->passwordHash;
 if (strlen($s) >= 60) {
 //CRYPT_BLOWFISH Salt: "$2a$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z".
 $this->view->salt1 = substr($s, 0, 29);
- $this->view->nonce = sha1($salt . uniqid('' . mt_rand(), true));
+ $this->view->nonce = hash('sha256', FreshRSS_Context::systemConf()->salt . $user . random_bytes(32));
 Minz_Session::_param('nonce', $this->view->nonce);
 return; //Success
 }
@@ -95,7 +94,7 @@ class FreshRSS_javascript_Controller extends FreshRSS_ActionController {
 for ($i = 22; $i > 0; $i--) {
 $this->view->salt1 .= $alphabet[random_int(0, 63)];
 }
- $this->view->nonce = sha1('' . mt_rand());
+ $this->view->nonce = hash('sha256', 'failure' . rand());
 Minz_Session::_param('nonce', $this->view->nonce);
 }
 } |
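Review bot: The new nonce line in the first hunk has no comment saying which input supplies the unpredictability, so a later edit could drop `random_bytes(32)` and keep the salt and user name without anyone noticing the loss. I would add `// Nonce entropy comes from random_bytes(32); the system salt and $user only bind the value to this instance and account.` above it. `random_bytes()` throws when no secure source is available, and the `catch` of the enclosing `try` is outside the hunk, so it is worth confirming that this failure ends in the fallback branch rather than in an error page that differs from the response for an unknown user.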
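Review bot: The fallback nonce in the second hunk is built from `rand()`, which is not a CSPRNG and yields at most about 2^31 values, combined with the fixed prefix `'failure'`. This branch appears to produce a decoy `salt1`/`nonce` pair when no usable account exists, and a decoy drawn from such a small, fixed-prefix space can be recognised as one, which undoes the purpose of answering identically for unknown users. Use the same construction as the success path, for example `$this->view->nonce = hash('sha256', FreshRSS_Context::systemConf()->salt . $user . random_bytes(32));`, so both paths return values of the same shape and entropy. The enclosing method starts and ends outside the hunk.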
