CHANGELOG
program/include/rcmail_install.php
program/lib/Roundcube/rcube.php
program/lib/Roundcube/rcube_utils.php
tests/Framework/Utils.php
CHANGELOG
@@ -10,6 +10,7 @@ - Plugin API: Add special onload() method to execute plugin actions before startup (session and GUI initialization) - Implemented UI element to jump to specified page of the messages list (#1485235) - Fix so unrecognized TNEF attachments are displayed on the list of attachments (#1490351) - Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) RELEASE 1.1.2 ------------- program/include/rcmail_install.php
@@ -163,7 +163,7 @@ $value = $this->config[$name]; if ($name == 'des_key' && !$this->configured && !isset($_REQUEST["_$name"])) $value = self::random_key(24); $value = rcube_utils::random_bytes(24); return $value !== null && $value !== '' ? $value : $default; } @@ -193,7 +193,7 @@ // generate new encryption key, never use the default value if ($prop == 'des_key' && $value == $this->defaults[$prop]) $value = $this->random_key(24); $value = rcube_utils::random_bytes(24); // convert some form data if ($prop == 'debug_level' && !$is_default) { @@ -785,25 +785,4 @@ { $this->last_error = $p; } /** * Generarte a ramdom string to be used as encryption key * * @param int Key length * @return string The generated random string * @static */ function random_key($length) { $alpha = 'ABCDEFGHIJKLMNOPQERSTUVXYZabcdefghijklmnopqrtsuvwxyz0123456789+*%&?!$-_='; $out = ''; for ($i=0; $i < $length; $i++) $out .= $alpha{rand(0, strlen($alpha)-1)}; return $out; } } program/lib/Roundcube/rcube.php
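Review bot: The two `rcube_utils::random_bytes(24)` calls that now produce `des_key` receive a hex string whenever OpenSSL is present, so the 24-character key carries 4 bits per character, 96 bits in total, and uses a smaller character set than the removed `random_key()` did. To keep more random data in the same 24 characters, the raw bytes could be encoded more densely where OpenSSL is available, e.g. `$value = base64_encode(openssl_random_pseudo_bytes(18));`. Whether the config writer accepts `/` is not visible here, though the removed alphabet already contained `+` and `=`. Both hunks sit inside functions whose start lies outside the hunk.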
@@ -999,8 +999,7 @@ if (empty($_SESSION['secure_token']) && $generate) { // generate x characters long token $length = $len > 1 ? $len : 16; $token = openssl_random_pseudo_bytes($length / 2); $token = bin2hex($token); $token = rcube_utils::random_bytes($length); $plugin = $this->plugins->exec_hook('secure_token', array('value' => $token, 'length' => $length)); program/lib/Roundcube/rcube_utils.php
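Review bot: The session token on the new `$token = rcube_utils::random_bytes($length);` line can now come from the `rand()` loop in `rcube_utils::random_bytes()` when the OpenSSL extension is absent, whereas the replaced lines called `openssl_random_pseudo_bytes()` directly. `rand()` is not a cryptographic generator, so a token that is meant to be unguessable becomes predictable on such hosts, with no error or log entry to show it. Consider checking `function_exists('openssl_random_pseudo_bytes')` at this call site and reporting an error when it is missing, or documenting OpenSSL as a requirement for this path. The enclosing function starts and ends outside the hunk.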
@@ -1138,4 +1138,34 @@ return $url; } /** * Generate a ramdom string * * @param int String length * * @return string The generated random string */ public static function random_bytes($length) { if (function_exists('openssl_random_pseudo_bytes')) { $random = openssl_random_pseudo_bytes(ceil($length / 2)); $random = bin2hex($random); // if the length wasn't even... if ($length < strlen($random)) { $random = substr($random, 0, $length); } } else { $alpha = 'ABCDEFGHIJKLMNOPQERSTUVXYZabcdefghijklmnopqrtsuvwxyz0123456789+*%&?!$-_='; $random = ''; for ($i = 0; $i < $length; $i++) { $random .= $alpha[rand(0, strlen($alpha)-1)]; } } return $random; } } tests/Framework/Utils.php
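Review bot: The OpenSSL branch of `random_bytes()` never checks the result of `openssl_random_pseudo_bytes()`: a `false` return turns into an empty string through `bin2hex()`, and the optional second argument that reports whether a strong algorithm was used is not read. A caller asking for a 24-character key could then receive an empty value without noticing. The rewrite below returns early for non-positive lengths, accepts the OpenSSL result only when it is non-false and flagged strong, and otherwise falls through to the existing fallback, which is no longer inside an `else`. The docblock also misspells "random", and the fallback alphabet repeats `E` and lacks `W`, which slightly biases that branch's output.

```php
    public static function random_bytes($length)
    {
        // nothing to generate; avoids asking OpenSSL for zero or negative bytes
        if ($length < 1) {
            return '';
        }

        if (function_exists('openssl_random_pseudo_bytes')) {
            $random = openssl_random_pseudo_bytes((int) ceil($length / 2), $strong);

            // use the result only when the call succeeded and reported a strong source
            if ($random !== false && $strong) {
                // trims the extra hex digit when $length is odd
                return substr(bin2hex($random), 0, $length);
            }
        }

        // … unchanged: rand()-based fallback over $alpha, followed by return $random …
```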
@@ -419,4 +419,15 @@ $this->assertSame($output, $result); } } /** * rcube:utils::random_bytes() */ function test_random_bytes() { $this->assertSame(15, strlen(rcube_utils::random_bytes(15))); $this->assertSame(1, strlen(rcube_utils::random_bytes(1))); $this->assertSame(0, strlen(rcube_utils::random_bytes(0))); $this->assertSame(0, strlen(rcube_utils::random_bytes(-1))); } }
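Review bot: `test_random_bytes()` asserts only string lengths, so it would still pass if `random_bytes()` returned a constant string, and it exercises only the branch that the test host's extensions select, leaving the other branch unverified. The 0 and -1 cases appear to pass on the OpenSSL path only because a failed call collapses to an empty string, not because the function handles them explicitly. A cheap extra check would be `$this->assertNotSame(rcube_utils::random_bytes(16), rcube_utils::random_bytes(16));`. The docblock should read `rcube_utils::random_bytes()` instead of `rcube:utils::random_bytes()`.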