
random_string calls

implement getRandomHex function
tags/2019.01
Adam Magness 2 years ago
parent
commit
991f259ecb
23 changed files with 47 additions and 29 deletions
  1. +2
    -1
      include/api.php
  2. +2
    -1
      include/enotify.php
  3. +2
    -1
      include/items.php
  4. +2
    -1
      mod/dfrn_confirm.php
  5. +2
    -1
      mod/dfrn_notify.php
  6. +2
    -1
      mod/dfrn_poll.php
  7. +3
    -2
      mod/dfrn_request.php
  8. +2
    -1
      mod/fsuggest.php
  9. +1
    -1
      mod/pubsubhubbub.php
  10. +2
    -1
      mod/redir.php
  11. +1
    -1
      mod/removeme.php
  12. +1
    -1
      spec/dfrn2_contact_request.svg
  13. +3
    -2
      src/Content/Text/HTML.php
  14. +2
    -1
      src/Model/Contact.php
  15. +3
    -2
      src/Model/Item.php
  16. +2
    -1
      src/Model/Register.php
  17. +2
    -1
      src/Module/Magic.php
  18. +2
    -1
      src/Module/Owa.php
  19. +3
    -2
      src/Network/Probe.php
  20. +3
    -2
      src/Protocol/DFRN.php
  21. +3
    -2
      src/Protocol/Diaspora.php
  22. +1
    -1
      src/Util/LDSignature.php
  23. +1
    -1
      src/Util/Strings.php

+ 2
- 1
include/api.php View File

@@ -43,6 +43,7 @@ use Friendica\Protocol\Diaspora;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
use Friendica\Util\XML;

require_once 'include/conversation.php';
@@ -4802,7 +4803,7 @@ function api_friendica_remoteauth()
$dfrn_id = '0:' . $orig_id;
}

$sec = random_string();
$sec = Strings::getRandomHex();

$fields = ['uid' => api_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id,
'sec' => $sec, 'expire' => time() + 45];


+ 2
- 1
include/enotify.php View File

@@ -15,6 +15,7 @@ use Friendica\Model\Contact;
use Friendica\Model\Item;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Emailer;
use Friendica\Util\Strings;

/**
* @brief Creates a notification entry and possibly sends a mail
@@ -457,7 +458,7 @@ function notification($params)
Logger::log("adding notification entry", Logger::DEBUG);
do {
$dups = false;
$hash = random_string();
$hash = Strings::getRandomHex();
if (DBA::exists('notify', ['hash' => $hash])) {
$dups = true;
}


+ 2
- 1
include/items.php View File

@@ -21,6 +21,7 @@ use Friendica\Protocol\OStatus;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\ParseUrl;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;

require_once 'include/text.php';
@@ -308,7 +309,7 @@ function subscribe_to_hub($url, array $importer, array $contact, $hubmode = 'sub
$push_url = System::baseUrl() . '/pubsub/' . $user['nickname'] . '/' . $contact['id'];

// Use a single verify token, even if multiple hubs
$verify_token = ((strlen($contact['hub-verify'])) ? $contact['hub-verify'] : random_string());
$verify_token = ((strlen($contact['hub-verify'])) ? $contact['hub-verify'] : Strings::getRandomHex());

$params= 'hub.mode=' . $hubmode . '&hub.callback=' . urlencode($push_url) . '&hub.topic=' . urlencode($contact['poll']) . '&hub.verify=async&hub.verify_token=' . $verify_token;



+ 2
- 1
mod/dfrn_confirm.php View File

@@ -33,6 +33,7 @@ use Friendica\Protocol\ActivityPub;
use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\XML;

require_once 'include/enotify.php';
@@ -263,7 +264,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
break;
case 1:
// birthday paradox - generate new dfrn-id and fall through.
$new_dfrn_id = random_string();
$new_dfrn_id = Strings::getRandomHex();
q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d",
DBA::escape($new_dfrn_id),
intval($contact_id),


+ 2
- 1
mod/dfrn_notify.php View File

@@ -14,6 +14,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Protocol\DFRN;
use Friendica\Protocol\Diaspora;
use Friendica\Util\Strings;

require_once 'include/items.php';

@@ -267,7 +268,7 @@ function dfrn_notify_content(App $a) {
$dfrn_id = substr($dfrn_id,2);
}

$hash = random_string();
$hash = Strings::getRandomHex();

$status = 0;



+ 2
- 1
mod/dfrn_poll.php View File

@@ -14,6 +14,7 @@ use Friendica\Module\Login;
use Friendica\Protocol\DFRN;
use Friendica\Protocol\OStatus;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\XML;

require_once 'include/items.php';
@@ -415,7 +416,7 @@ function dfrn_poll_content(App $a)

if ($dfrn_id != '') {
// initial communication from external contact
$hash = random_string();
$hash = Strings::getRandomHex();

$status = 0;



+ 3
- 2
mod/dfrn_request.php View File

@@ -28,6 +28,7 @@ use Friendica\Module\Login;
use Friendica\Network\Probe;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;

require_once 'include/enotify.php';

@@ -320,7 +321,7 @@ function dfrn_request_post(App $a)
}
}

$issued_id = random_string();
$issued_id = Strings::getRandomHex();

if (is_array($contact_record)) {
// There is a contact record but no issued-id, so this
@@ -415,7 +416,7 @@ function dfrn_request_post(App $a)
return;
}

$hash = random_string() . (string) time(); // Generate a confirm_key
$hash = Strings::getRandomHex() . (string) time(); // Generate a confirm_key

if (is_array($contact_record)) {
$ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`)


+ 2
- 1
mod/fsuggest.php View File

@@ -9,6 +9,7 @@ use Friendica\Core\L10n;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings;

function fsuggest_post(App $a)
{
@@ -34,7 +35,7 @@ function fsuggest_post(App $a)

$new_contact = intval($_POST['suggest']);

$hash = random_string();
$hash = Strings::getRandomHex();

$note = escape_tags(trim(defaults($_POST, 'note', '')));



+ 1
- 1
mod/pubsubhubbub.php View File

@@ -93,7 +93,7 @@ function pubsubhubbub_init(App $a) {
}

// do subscriber verification according to the PuSH protocol
$hub_challenge = random_string(40);
$hub_challenge = Strings::getRandomHex(40);
$params = 'hub.mode=' .
($subscribe == 1 ? 'subscribe' : 'unsubscribe') .
'&hub.topic=' . urlencode($hub_topic) .
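Review bot: `Strings::getRandomHex(40)` is now called in pubsubhubbub_init(), but this section adds no `use Friendica\Util\Strings;`, unlike the other mod/ files in this commit (the diffstat shows +1/-1 here against +2/-1 elsewhere). Unless the file already imports the class above the visible hunk, the unqualified name will not resolve and subscriber verification will stop with a class-not-found error; add `use Friendica\Util\Strings;` to the file's use block. mod/removeme.php has the same +1/-1 shape and needs the same check. pubsubhubbub_init() starts and ends outside the hunk.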


+ 2
- 1
mod/redir.php View File

@@ -8,6 +8,7 @@ use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Profile;
use Friendica\Util\Strings;

function redir_init(App $a) {

@@ -93,7 +94,7 @@ function redir_init(App $a) {
$dfrn_id = '0:' . $orig_id;
}

$sec = random_string();
$sec = Strings::getRandomHex();

$fields = ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id,
'sec' => $sec, 'expire' => time() + 45];


+ 1
- 1
mod/removeme.php View File

@@ -68,7 +68,7 @@ function removeme_content(App $a)
$a->internalRedirect();
}

$hash = random_string();
$hash = Strings::getRandomHex();

require_once("mod/settings.php");
settings_init($a);


+ 1
- 1
spec/dfrn2_contact_request.svg View File

@@ -38,7 +38,7 @@ text { font:12px Dialog; }
<text x="904" y="1084" style="font:13px Open Sans">where self = 0 to look if this contact is already there (if </text>
<text x="904" y="1107" style="font:13px Open Sans">issued-id or rel is already available return here because it </text>
<text x="904" y="1130" style="font:13px Open Sans">seems that we are already connected)</text>
<text x="904" y="1176" style="font:13px Open Sans">- create a issued-id with $issued_id = random_string();</text>
<text x="904" y="1176" style="font:13px Open Sans">- create a issued-id with $issued_id = Strings::getRandomHex();</text>
<text x="904" y="1222" style="font:13px Open Sans">- if we already found a contact record above update the </text>
<text x="904" y="1245" style="font:13px Open Sans">issued-id with the one we have created</text>
<text x="904" y="1291" style="font:13px Open Sans">- otherwise if Bob is not already in the contact table scrape </text>


+ 3
- 2
src/Content/Text/HTML.php View File

@@ -7,6 +7,7 @@ namespace Friendica\Content\Text;

use DOMDocument;
use DOMXPath;
use Friendica\Content\Feature;
use Friendica\Core\Addon;
use Friendica\Core\L10n;
use Friendica\Core\Config;
@@ -17,9 +18,9 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Util\Network;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
use Friendica\Util\XML;
use League\HTMLToMarkdown\HtmlConverter;
use Friendica\Content\Feature;

class HTML
{
@@ -1011,7 +1012,7 @@ class HTML
$tpl = Renderer::getMarkupTemplate('wall/content_filter.tpl');
$html = Renderer::replaceMacros($tpl, [
'$reasons' => $reasons,
'$rnd' => random_string(8),
'$rnd' => Strings::getRandomHex(8),
'$openclose' => L10n::t('Click to open/close'),
'$html' => $html
]);


+ 2
- 1
src/Model/Contact.php View File

@@ -25,6 +25,7 @@ use Friendica\Protocol\PortableContact;
use Friendica\Protocol\Salmon;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;

require_once 'boot.php';
require_once 'include/dba.php';
@@ -1889,7 +1890,7 @@ class Contact extends BaseObject
$user = DBA::selectFirst('user', $fields, ['uid' => $importer['uid']]);
if (DBA::isResult($user) && !in_array($user['page-flags'], [self::PAGE_SOAPBOX, self::PAGE_FREELOVE, self::PAGE_COMMUNITY])) {
// create notification
$hash = random_string();
$hash = Strings::getRandomHex();

if (is_array($contact_record)) {
DBA::insert('intro', ['uid' => $importer['uid'], 'contact-id' => $contact_record['id'],


+ 3
- 2
src/Model/Item.php View File

@@ -33,6 +33,7 @@ use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map;
use Friendica\Util\XML;
use Friendica\Util\Security;
use Friendica\Util\Strings;
use Text_LanguageDetect;

require_once 'boot.php';
@@ -3479,7 +3480,7 @@ class Item extends BaseObject

while ((strpos($s, $spoilersearch) !== false)) {
$pos = strpos($s, $spoilersearch);
$rnd = random_string(8);
$rnd = Strings::getRandomHex(8);
$spoilerreplace = '<br /> <span id="spoiler-wrap-' . $rnd . '" class="spoiler-wrap fakelink" onclick="openClose(\'spoiler-' . $rnd . '\');">' . L10n::t('Click to open/close') . '</span>'.
'<blockquote class="spoiler" id="spoiler-' . $rnd . '" style="display: none;">';
$s = substr($s, 0, $pos) . $spoilerreplace . substr($s, $pos + strlen($spoilersearch));
@@ -3490,7 +3491,7 @@ class Item extends BaseObject

while ((strpos($s, $authorsearch) !== false)) {
$pos = strpos($s, $authorsearch);
$rnd = random_string(8);
$rnd = Strings::getRandomHex(8);
$authorreplace = '<br /> <span id="author-wrap-' . $rnd . '" class="author-wrap fakelink" onclick="openClose(\'author-' . $rnd . '\');">' . L10n::t('Click to open/close') . '</span>'.
'<blockquote class="author" id="author-' . $rnd . '" style="display: block;">';
$s = substr($s, 0, $pos) . $authorreplace . substr($s, $pos + strlen($authorsearch));


+ 2
- 1
src/Model/Register.php View File

@@ -7,6 +7,7 @@ namespace Friendica\Model;

use Friendica\Database\DBA;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings;

/**
* Class interacting with the register database table
@@ -100,7 +101,7 @@ class Register
*/
public static function createForApproval($uid, $language, $note = '')
{
$hash = random_string();
$hash = Strings::getRandomHex();

if (!User::exists($uid)) {
return false;


+ 2
- 1
src/Module/Magic.php View File

@@ -11,6 +11,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Util\HTTPSignature;
use Friendica\Util\Network;
use Friendica\Util\Strings;

/**
* Magic Auth (remote authentication) module.
@@ -74,7 +75,7 @@ class Magic extends BaseModule

$headers = [];
$headers['Accept'] = 'application/x-dfrn+json';
$headers['X-Open-Web-Auth'] = random_string();
$headers['X-Open-Web-Auth'] = Strings::getRandomHex();

// Create a header that is signed with the local users private key.
$headers = HTTPSignature::createSig(


+ 2
- 1
src/Module/Owa.php View File

@@ -11,6 +11,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\OpenWebAuthToken;
use Friendica\Util\HTTPSignature;
use Friendica\Util\Strings;

/**
* @brief OpenWebAuth verifier and token generator
@@ -62,7 +63,7 @@ class Owa extends BaseModule
Logger::log('OWA success: ' . $contact['addr'], Logger::DATA);

$ret['success'] = true;
$token = random_string(32);
$token = Strings::getRandomHex(32);

// Store the generated token in the databe.
OpenWebAuthToken::create('owt', 0, $token, $contact['addr']);


+ 3
- 2
src/Network/Probe.php View File

@@ -24,6 +24,7 @@ use Friendica\Protocol\ActivityPub;
use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\XML;
use DomXPath;

@@ -1648,8 +1649,8 @@ class Probe
$data["nick"] = $data["name"];
$data["photo"] = Network::lookupAvatarByEmail($uri);
$data["url"] = 'mailto:'.$uri;
$data["notify"] = 'smtp '.random_string();
$data["poll"] = 'email '.random_string();
$data["notify"] = 'smtp ' . Strings::getRandomHex();
$data["poll"] = 'email ' . Strings::getRandomHex();

$x = Email::messageMeta($mbox, $msgs[0]);
if (stristr($x[0]->from, $uri)) {


+ 3
- 2
src/Protocol/DFRN.php View File

@@ -33,6 +33,7 @@ use Friendica\Object\Image;
use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\XML;
use HTMLPurifier;
use HTMLPurifier_Config;
@@ -2009,7 +2010,7 @@ class DFRN

$fid = $r[0]["id"];

$hash = random_string();
$hash = Strings::getRandomHex();

$r = q(
"INSERT INTO `intro` (`uid`, `fid`, `contact-id`, `note`, `hash`, `datetime`, `blocked`)
@@ -3030,7 +3031,7 @@ class DFRN
return;
}

$sec = random_string();
$sec = Strings::getRandomHex();

DBA::insert('profile_check', ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]);



+ 3
- 2
src/Protocol/Diaspora.php View File

@@ -34,6 +34,7 @@ use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\XML;
use SimpleXMLElement;

@@ -2421,7 +2422,7 @@ class Diaspora
if (in_array($importer["page-flags"], [Contact::PAGE_NORMAL, Contact::PAGE_PRVGROUP])) {
Logger::log("Sending intra message for author ".$author.".", Logger::DEBUG);

$hash = random_string().(string)time(); // Generate a confirm_key
$hash = Strings::getRandomHex().(string)time(); // Generate a confirm_key

$ret = q(
"INSERT INTO `intro` (`uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`)
@@ -3055,7 +3056,7 @@ class Diaspora
return 200;
}

$logid = random_string(4);
$logid = String::getRandomHex(4);

$dest_url = ($public_batch ? $contact["batch"] : $contact["notify"]);
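Review bot: The new `$logid` line calls `String::getRandomHex(4)`, while the import added at the top of this file and every other call site in the commit use `Strings`. No class named `String` is imported or shown anywhere on this page, so this line will most likely raise a class-not-found error the first time this code path runs. Change it to `$logid = Strings::getRandomHex(4);`. The enclosing method starts and ends outside the hunk.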



+ 1
- 1
src/Util/LDSignature.php View File

@@ -54,7 +54,7 @@ class LDSignature
{
$options = [
'type' => 'RsaSignature2017',
'nonce' => random_string(64),
'nonce' => Strings::getRandomHex(64),
'creator' => $owner['url'] . '#main-key',
'created' => DateTimeFormat::utcNow(DateTimeFormat::ATOM)
];


+ 1
- 1
src/Util/Strings.php View File

@@ -16,7 +16,7 @@ class Strings
* @param int $size
* @return string
*/
public static function getRandomHex($size = 64) // random_string()
public static function getRandomHex($size = 64)
{
$byte_size = ceil($size / 2);
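Review bot: The visible part of the getRandomHex() docblock lists only `@param int $size` and `@return string`, yet after this commit the function backs the `$sec` values written to profile_check, the OpenWebAuth token and the LD-signature nonce. The docblock should say that `$size` counts hex characters rather than bytes (as `ceil($size / 2)` implies) and name the random source. The body continues outside the hunk, so whether it draws from a CSPRNG such as random_bytes() cannot be confirmed from this page and is worth verifying. Separately, `ceil()` returns a float; `$byte_size = (int) ceil($size / 2);` keeps the byte count an integer for whatever consumes it.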


