Overview
Comment: | Remove shims for PHP 5 |
---|---|
SHA1: |
c3097ce38c5d4febd98871be7d438d81 |
User & Date: | bohwaz on 2020-11-10 17:50:51 |
Context
2020-11-11
| ||
12:45 | Entity: Make sure an ID is set check-in: 839a28e75c user: bohwaz tags: 7.3 | |
2020-11-10
| ||
17:50 | Remove shims for PHP 5 check-in: c3097ce38c user: bohwaz tags: 7.3 | |
03:48 | Pie: Fix vertical alignment check-in: 608abf1de7 user: bohwaz tags: 7.3 | |
Changes
Modified src/lib/KD2/Form.php from [bba35f434e] to [6e806c4799].
︙ | ︙ | |||
66 67 68 69 70 71 72 | if (is_null(self::$token_secret)) { throw new \RuntimeException('No CSRF token secret has been set.'); } $action = self::tokenAction($action); | | | 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 | if (is_null(self::$token_secret)) { throw new \RuntimeException('No CSRF token secret has been set.'); } $action = self::tokenAction($action); $random = random_int(0, PHP_INT_MAX); $expire = floor(time() / 3600) + $expire; $value = $expire . $random . $action; $hash = hash_hmac('sha256', $expire . $random . $action, self::$token_secret); return $hash . '/' . dechex($expire) . '/' . dechex($random); } |
︙ | ︙ |
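Review bot: The HMAC input on the new side (lines 75–76) joins `$expire . $random . $action` with no separator, so the MAC does not cover where the expiry ends and the random value begins, and the same hash matches another split of those digits. If the verification code (outside this hunk) rebuilds the string from the client-supplied hex fields, that includes a split with a later expiry. Delimit the fields, e.g. `$value = $expire . '/' . $random . '/' . $action;`, and pass `$value` to `hash_hmac()`; at present `$value` is assigned and never used. The verifying side would need the same format, and the function starts above the hunk.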
Modified src/lib/KD2/Security.php from [cb97126fca] to [c499e0aa87].
︙ | ︙ | |||
69 70 71 72 73 74 75 | } $ret = strlen($known_string) ^ strlen($user_string); $ret |= array_sum(unpack("C*", $known_string^$user_string)); return !$ret; } | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | | 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 | } $ret = strlen($known_string) ^ strlen($user_string); $ret |= array_sum(unpack("C*", $known_string^$user_string)); return !$ret; } /** * Returns a random password of $length characters, picked from $alphabet * @param integer $length Length of password * @param string $alphabet Alphabet used for password generation * @return string */ static public function getRandomPassword($length = 12, $alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ123456789=/:!?-_') { $password = ''; for ($i = 0; $i < (int)$length; $i++) { $pos = random_int(0, strlen($alphabet) - 1); $password .= $alphabet[$pos]; } return $password; } /** |
︙ | ︙ | |||
220 221 222 223 224 225 226 | while (count($selection) < (int) $words) { if ($i++ > $max) { throw new \Exception('Could not find a suitable combination of words.'); } | | | | 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 | while (count($selection) < (int) $words) { if ($i++ > $max) { throw new \Exception('Could not find a suitable combination of words.'); } $rand = random_int(0, count($file) - 1); $w = trim($file[$rand]); if (!$character_match || preg_match('/^[' . $character_match . ']+$/U', $w)) { if ($add_entropy) { $w[random_int(0, strlen($w) - 1)] = self::getRandomPassword(1, '23456789=/:!?-._'); } $selection[] = $w; } } return implode(' ', $selection); |
︙ | ︙ |
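Review bot: In the passphrase loop (new lines 127–134), `random_int(0, strlen($w) - 1)` throws when `$w` is an empty string, which can happen when `$character_match` is not set and the word file has a blank line. Skipping empty words right after the trim, `if ($w === '') { continue; }`, avoids both the exception and empty entries in the passphrase. The index is also a byte offset, so a word containing multibyte characters would end up with a broken character; it is worth confirming the word lists are ASCII-only. The function containing this loop starts outside the hunk.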
Modified src/lib/KD2/Security_OTP.php from [727872fb5b] to [9c550d108c].
︙ | ︙ | |||
186 187 188 189 190 191 192 | static public function getRandomSecret($length = 16) { $keys = array_merge(range('A', 'Z'), range(2, 7)); $string = ''; for ($i = 0; $i < $length; $i++) { | < < | | 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 | static public function getRandomSecret($length = 16) { $keys = array_merge(range('A', 'Z'), range(2, 7)); $string = ''; for ($i = 0; $i < $length; $i++) { $rand = random_int(0, 31); $string .= $keys[$rand]; } return $string; } /** |
︙ | ︙ |
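Review bot: With the default `$length = 16`, getRandomSecret() produces 16 base32 characters, which is only 80 bits of secret; RFC 4226 requires at least 128 bits for the shared secret and recommends 160. Consider `$length = 32` as the default, after checking that callers and stored secrets tolerate the longer value. The literal in `random_int(0, 31)` is also tied to the size of `$keys`; `random_int(0, count($keys) - 1)` keeps the two in step if the alphabet ever changes.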
Modified src/lib/KD2/UserSession.php from [2904203218] to [9b8b5bed5c].
︙ | ︙ | |||
495 496 497 498 499 500 501 | * @link https://paragonie.com/blog/2017/02/split-tokens-token-based-authentication-protocols-without-side-channels * @link http://jaspan.com/improved_persistent_login_cookie_best_practice * @param object $user * @return boolean */ protected function createRememberMeSelector($user_id, $user_password) { | | | | 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 | * @link https://paragonie.com/blog/2017/02/split-tokens-token-based-authentication-protocols-without-side-channels * @link http://jaspan.com/improved_persistent_login_cookie_best_practice * @param object $user * @return boolean */ protected function createRememberMeSelector($user_id, $user_password) { $selector = hash($this::HASH_ALGO, random_bytes(10)); $verifier = hash($this::HASH_ALGO, random_bytes(10)); $expiry = (new \DateTime)->modify($this->remember_me_expiry); $expiry = $expiry->getTimestamp(); $hash = hash($this::HASH_ALGO, $selector . $verifier . $user_password . $expiry); $this->storeRememberMeSelector($selector, $hash, $expiry, $user_id); |
︙ | ︙ |
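Review bot: `random_bytes(10)` gives the verifier only 80 bits of entropy, and hashing it with `HASH_ALGO` changes its format but adds none. Since the verifier is the secret half of the remember-me token, a larger input such as `$verifier = hash($this::HASH_ALGO, random_bytes(32));` is safer and leaves the stored length unchanged. The docblock above still documents `@param object $user` while the signature takes `$user_id, $user_password`, so it should be updated to describe both parameters. The method body continues below the hunk.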