author | Robin Appelman <icewind@owncloud.com> | 2014-08-29 19:48:00 +0200 |
---|---|---|
committer | Robin Appelman <icewind@owncloud.com> | 2014-08-29 19:48:00 +0200 |
commit | 0b883553688dcc0c522afd6b3e48bc303b956edf (patch) | |
tree | 08b59705223227ade113ea9e70c2fae81d24f49a | |
parent | 3a4b71ffb495831fabbc350c65cddcea6470ee8a (diff) | |
parent | 3de69ff81b040193ced9bc091b42c2c4764d659e (diff) | |
Merge pull request #10721 from owncloud/kill-rand
Kill insecure random number generation
-rw-r--r-- | lib/private/template.php | 9 | ||||
-rw-r--r-- | lib/private/templatelayout.php | 4 | ||||
-rwxr-xr-x | lib/private/util.php | 14 |
3 files changed, 11 insertions, 16 deletions
diff --git a/lib/private/template.php b/lib/private/template.php index d6afe1a3e40..73fa53a2fa3 100644 --- a/lib/private/template.php +++ b/lib/private/template.php @@ -29,7 +29,7 @@ require_once __DIR__.'/template/functions.php'; class OC_Template extends \OC\Template\Base { private $renderas; // Create a full page? private $path; // The path to the template - private $headers=array(); //custom headers + private $headers = array(); //custom headers protected $app; // app id /** @@ -37,6 +37,7 @@ class OC_Template extends \OC\Template\Base { * @param string $app app providing the template * @param string $name of the template file (without suffix) * @param string $renderas = ""; produce a full page + * @param bool $registerCall = true * @return OC_Template object * * This function creates an OC_Template object. @@ -45,14 +46,14 @@ class OC_Template extends \OC\Template\Base { * according layout. For now, renderas can be set to "guest", "user" or * "admin". */ - public function __construct( $app, $name, $renderas = "" ) { + public function __construct( $app, $name, $renderas = "", $registerCall = true ) { // Read the selected theme from the config file $theme = OC_Util::getTheme(); // Read the detected formfactor and use the right file name. $fext = self::getFormFactorExtension(); - $requesttoken = OC::$server->getSession() ? OC_Util::callRegister() : ''; + $requesttoken = (OC::$server->getSession() and $registerCall) ? OC_Util::callRegister() : ''; $parts = explode('/', $app); // fix translation when app is something like core/lostpassword $l10n = OC_L10N::get($parts[0]); 
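Review bot: Passing `$registerCall = false` makes the constructor assign an empty string to `$requesttoken`, and neither the added docblock line `@param bool $registerCall = true` nor the code says what that means for the rendered page. I would document it, for example `@param bool $registerCall whether to register a request token; when false the template gets an empty token and must not contain forms that rely on it`. The condition would also read more conventionally with `&&`: `$requesttoken = (OC::$server->getSession() && $registerCall) ? OC_Util::callRegister() : '';` (the parentheses keep the current `and` correct, so this part is style only). The constructor body continues past the end of this hunk.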
@@ -253,7 +254,7 @@ class OC_Template extends \OC\Template\Base { * Warning: All data passed to $hint needs to get sanitized using OC_Util::sanitizeHTML */ public static function printErrorPage( $error_msg, $hint = '' ) { - $content = new OC_Template( '', 'error', 'error' ); + $content = new \OC_Template( '', 'error', 'error', false ); $errors = array(array('error' => $error_msg, 'hint' => $hint)); $content->assign( 'errors', $errors ); $content->printPage(); diff --git a/lib/private/templatelayout.php b/lib/private/templatelayout.php index a5dd9a0c614..b9a97186945 100644 --- a/lib/private/templatelayout.php +++ b/lib/private/templatelayout.php @@ -59,7 +59,9 @@ class OC_TemplateLayout extends OC_Template { $this->assign( 'user_uid', OC_User::getUser() ); $this->assign( 'appsmanagement_active', strpos(OC_Request::requestUri(), OC_Helper::linkToRoute('settings_apps')) === 0 ); $this->assign('enableAvatars', \OC_Config::getValue('enable_avatars', true)); - } else if ($renderas == 'guest' || $renderas == 'error') { + } else if ($renderas == 'error') { + parent::__construct('core', 'layout.guest', '', false); + } else if ($renderas == 'guest') { parent::__construct('core', 'layout.guest'); } else { parent::__construct('core', 'layout.base'); diff --git a/lib/private/util.php b/lib/private/util.php index c79f374771c..ad078e8a44c 100755 --- a/lib/private/util.php +++ b/lib/private/util.php @@ -1208,6 +1208,7 @@ class OC_Util { * * @param int $length of the random string * @return string + * @throws Exception when no secure RNG source is available * Please also update secureRNGAvailable if you change something here */ public static function generateRandomBytes($length = 30) { 
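Review bot: The bare `false` in `new \OC_Template( '', 'error', 'error', false )` gives no hint why the error page skips token registration, and the same applies to `parent::__construct('core', 'layout.guest', '', false)` in lib/private/templatelayout.php. A comment at both sites would help, e.g. `// error pages must not call OC_Util::callRegister(): it presumably needs the RNG, which may be what failed`. Because the opt-out is per call site, any other code that builds a template with renderas `'error'` (none is visible in this diff) would still register a token and should be checked.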
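Review bot: The new branches in lib/private/templatelayout.php decide whether a request token is registered using loose comparisons, `$renderas == 'error'` and `$renderas == 'guest'`. Strict comparison, `} else if ($renderas === 'error') {` and `} else if ($renderas === 'guest') {`, avoids PHP's type juggling if a non-string value ever reaches the constructor. The constructor starts before this hunk, so the earlier branches are not visible here.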
@@ -1228,17 +1229,8 @@ class OC_Util { } } - // Fallback to mt_rand() - $characters = '0123456789'; - $characters .= 'abcdefghijklmnopqrstuvwxyz'; - $charactersLength = strlen($characters) - 1; - $pseudoByte = ""; - - // Select some random characters - for ($i = 0; $i < $length; $i++) { - $pseudoByte .= $characters[mt_rand(0, $charactersLength)]; - } - return $pseudoByte; + // No random numbers are better then bad random numbers + throw new \Exception('No secure random number generator available, please install the php-openssl extension'); } /** |
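Review bot: The docblock on generateRandomBytes asks that secureRNGAvailable be updated whenever this code changes, but the commit touches only generateRandomBytes. It is worth confirming that secureRNGAvailable reports false in exactly the cases that now reach the `throw`, so that setup checks warn before a request fails. Callers outside this diff previously always received a string and may now see an exception, so call sites that run before error handling is in place should be checked. The new comment has a typo; `// No random numbers are better than bad random numbers` is the intended wording. The function body starts outside this hunk.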