Merge pull request #7725 from dew-git/develop

Fix security vulnerabilities.
2019-10-11 14:48:07 -04:00 · 2019-10-11 14:48:07 -04:00 · 27eaffd7fb
commit 27eaffd7fb
parent f300c8040f e1e1d26b5b
9 changed files with 454 additions and 334 deletions
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@ -1,4 +1,5 @@
 <?php
+
 /**
 * @file mod/lostpass.php
 */
@ -27,7 +28,7 @@ function lostpass_post(App $a)
 		$a->internalRedirect();
 	}

-	$pwdreset_token = Strings::getRandomName(12) . mt_rand(1000, 9999);
+	$pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999);

 	$fields = [
 		'pwdreset' => $pwdreset_token,