increase randomness of shared url keys a bit

diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index 05c2b229e40e2d9cb0ecf9d4d36d9bc9794b8559..4c51d220c2303cae87fb7cb64f8c2f1f43bfc0ce 100644 (file)
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -1891,7 +1891,7 @@ class Pref_Feeds extends Handler_Protected {
                        AND owner_uid = " . $owner_uid);
 
                if ($this->dbh->num_rows($result) == 1) {
-                       $key = $this->dbh->escape_string(uniqid());
+                       $key = $this->dbh->escape_string(uniqid(base_convert(rand(), 10, 36)));
 
                        $this->dbh->query("UPDATE ttrss_access_keys SET access_key = '$key'
                                WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat

diff --git a/include/functions.php b/include/functions.php
index fce15b53539266204d0ce1deeaa05ac7aac33f71..28b7a7c89b44b8d212dd2aeebedc5f8734b95217 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -3753,7 +3753,7 @@
                if (db_num_rows($result) == 1) {
                        return db_fetch_result($result, 0, "access_key");
                } else {
-                       $key = db_escape_string(uniqid());
+                       $key = db_escape_string(uniqid(base_convert(rand(), 10, 36)));
 
                        $result = db_query("INSERT INTO ttrss_access_keys
                                (access_key, feed_id, is_cat, owner_uid)

diff --git a/plugins/instances/init.php b/plugins/instances/init.php
index 069186ad1fa3fb2104975b16a234c8eaa72b3340..2de0e5fd2d8eb753bd0bd4f789488ade8ef4f76e 100644 (file)
--- a/plugins/instances/init.php
+++ b/plugins/instances/init.php
@@ -407,7 +407,7 @@ class Instances extends Plugin implements IHandler {
 
                print "<hr/>";
 
-               $access_key = uniqid();
+               $access_key = uniqid(rand(), true);
 
                /* Access key */
 
@@ -439,7 +439,7 @@ class Instances extends Plugin implements IHandler {
        }
 
        function genHash() {
-               $hash = uniqid();
+               $hash = uniqid(base_convert(rand(), 10, 36));
 
                print json_encode(array("hash" => $hash));
        }

diff --git a/plugins/share/init.php b/plugins/share/init.php
index 5fa9987577573344428074881974d85ce46596fb..899677c32e5d5bc40010f430c4b521acb2b2c1b0 100644 (file)
--- a/plugins/share/init.php
+++ b/plugins/share/init.php
@@ -60,7 +60,7 @@ class Share extends Plugin {
        function newkey() {
                $id = db_escape_string($_REQUEST['id']);
 
-               $uuid = db_escape_string(uniqid());
+               $uuid = db_escape_string(uniqid(base_convert(rand(), 10, 36)));
 
                db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$id'
                        AND owner_uid = " . $_SESSION['uid']);
@@ -91,7 +91,7 @@ class Share extends Plugin {
                        $ref_id = db_fetch_result($result, 0, "ref_id");
 
                        if (!$uuid) {
-                               $uuid = db_escape_string(uniqid());
+                               $uuid = db_escape_string(uniqid(base_convert(rand(), 10, 36)));
                                db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param'
                                        AND owner_uid = " . $_SESSION['uid']);
                        }