From 3ceb893f66920383b0f79faf1fc896469ee3d2a4 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 3 Aug 2015 19:21:06 +0300 Subject: [PATCH] add one catchall function to make uniqids/keyhashes/etc used by tt-rss --- classes/pref/feeds.php | 2 +- include/functions.php | 8 ++++++-- include/functions2.php | 2 +- plugins/instances/init.php | 4 ++-- plugins/share/init.php | 4 ++-- 5 files changed, 12 insertions(+), 8 deletions(-) diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index d70c1a26..efa2c2af 100644 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -1893,7 +1893,7 @@ class Pref_Feeds extends Handler_Protected { AND owner_uid = " . $owner_uid); if ($this->dbh->num_rows($result) == 1) { - $key = $this->dbh->escape_string(uniqid(base_convert(rand(), 10, 36))); + $key = $this->dbh->escape_string(uniqid_short()); $this->dbh->query("UPDATE ttrss_access_keys SET access_key = '$key' WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat diff --git a/include/functions.php b/include/functions.php index c2745522..cecfaead 100644 --- a/include/functions.php +++ b/include/functions.php @@ -738,7 +738,7 @@ $_SESSION["name"] = db_fetch_result($result, 0, "login"); $_SESSION["access_level"] = db_fetch_result($result, 0, "access_level"); - $_SESSION["csrf_token"] = uniqid(rand(), true); + $_SESSION["csrf_token"] = uniqid_short(); db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]); @@ -768,7 +768,7 @@ $_SESSION["auth_module"] = false; if (!$_SESSION["csrf_token"]) { - $_SESSION["csrf_token"] = uniqid(rand(), true); + $_SESSION["csrf_token"] = uniqid_short(); } $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; @@ -1996,6 +1996,10 @@ } } + function uniqid_short() { + return uniqid(base_convert(rand(), 10, 36)); + } + // TODO: less dumb splitting require_once "functions2.php"; diff --git a/include/functions2.php b/include/functions2.php index 32c97aee..df876851 100644 --- a/include/functions2.php +++ b/include/functions2.php @@ -1773,7 +1773,7 @@ if (db_num_rows($result) == 1) { return db_fetch_result($result, 0, "access_key"); } else { - $key = db_escape_string(uniqid(base_convert(rand(), 10, 36))); + $key = db_escape_string(uniqid_short()); $result = db_query("INSERT INTO ttrss_access_keys (access_key, feed_id, is_cat, owner_uid) diff --git a/plugins/instances/init.php b/plugins/instances/init.php index b23f45a0..947bc2a1 100644 --- a/plugins/instances/init.php +++ b/plugins/instances/init.php @@ -407,7 +407,7 @@ class Instances extends Plugin implements IHandler { print "
"; - $access_key = uniqid(rand(), true); + $access_key = uniqid_short(); /* Access key */ @@ -439,7 +439,7 @@ class Instances extends Plugin implements IHandler { } function genHash() { - $hash = uniqid(base_convert(rand(), 10, 36)); + $hash = uniqid_short(); print json_encode(array("hash" => $hash)); } diff --git a/plugins/share/init.php b/plugins/share/init.php index 899677c3..bcc08189 100644 --- a/plugins/share/init.php +++ b/plugins/share/init.php @@ -60,7 +60,7 @@ class Share extends Plugin { function newkey() { $id = db_escape_string($_REQUEST['id']); - $uuid = db_escape_string(uniqid(base_convert(rand(), 10, 36))); + $uuid = db_escape_string(uniqid_short()); db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$id' AND owner_uid = " . $_SESSION['uid']); @@ -91,7 +91,7 @@ class Share extends Plugin { $ref_id = db_fetch_result($result, 0, "ref_id"); if (!$uuid) { - $uuid = db_escape_string(uniqid(base_convert(rand(), 10, 36))); + $uuid = db_escape_string(uniqid_short()); db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param' AND owner_uid = " . $_SESSION['uid']); } -- 2.39.2