D510: INP-1725 - Introduce secure Session Key generation/storage
Index: core/kernel/managers/plain_url_processor.php
===================================================================
--- core/kernel/managers/plain_url_processor.php
+++ core/kernel/managers/plain_url_processor.php
@@ -69,9 +69,11 @@
$template = '';
$vars = Array ();
- if ( preg_match('/^([\d]+|)-(.*)$/', $parts[0], $regs) ) {
- // first "env" component matches "sid-template" format
- // (will be false, when mod-rewrite url to home page is built)
+ /*
+ * First "env" component matches "sid-template" format
+ * (will be false, when mod-rewrite url to home page is built).
+ */
+ if ( preg_match('/^([\da-f]{' . Session::SID_LENGTH . '}|)-(.*)$/', $parts[0], $regs) ) {
$sid = $regs[1];
$template = $regs[2];
array_shift($parts);
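Review bot: The new pattern on the `preg_match` line accepts only lowercase hex (`[\da-f]`), so if the hex encoding behind `SecurityGenerator::generateBytes()` ever produces uppercase digits the session id would never be recognised in the URL; either confirm the generator's output alphabet or make the match case-insensitive, `'/^([\da-f]{' . Session::SID_LENGTH . '}|)-(.*)$/i'`. Session ids issued under the old numeric format stop matching here, which is presumably the intent of the hardening but deserves a mention in the revision description since such URLs may still be in circulation. A short comment naming the unit of the constant would help the next reader: `// The SID is exactly Session::SID_LENGTH hex characters (see Session::GenerateSID()).` The enclosing method starts and ends outside this hunk.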
@@ -260,4 +262,4 @@
return $ret;
}
-}
\ No newline at end of file
+}
Index: core/kernel/session/session.php
===================================================================
--- core/kernel/session/session.php
+++ core/kernel/session/session.php
@@ -83,6 +83,8 @@
const PURPOSE_STORAGE = 2;
const PURPOSE_REFERENCE = 3;
+ const SID_LENGTH = 32;
+
var $Checkers;
var $Mode;
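Review bot: `SID_LENGTH` is introduced without a docblock, and the GenerateSID hunk below shows its unit is hex characters rather than random bytes, a distinction that is easy to get wrong at other call sites such as the URL parser. Add `/** Session ID length in hex characters, i.e. twice the number of random bytes drawn. */` above the constant. The class body continues outside this hunk.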
@@ -552,7 +554,8 @@
*/
protected function GenerateSID()
{
- $promise = SecurityGenerator::generateBytes(16);
+ // Generated byte-string is hex-encoded and therefore is twice the requested size.
+ $promise = SecurityGenerator::generateBytes(self::SID_LENGTH / 2);
$promise->asSignature()->resolveForPersisting(TABLE_PREFIX . 'UserSessions', 'SessionKey');
$new_sid = $promise->asValue()->resolve();
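Review bot: `self::SID_LENGTH / 2` on the `generateBytes()` line is ordinary division and yields an int only because 32 happens to be even; an odd value of the constant would pass a float, which is a TypeError under strict types and a silent truncation otherwise. Use integer division so the argument type is guaranteed: `$promise = SecurityGenerator::generateBytes(intdiv(self::SID_LENGTH, 2));`. The comment's statement that the result is hex-encoded depends on SecurityGenerator, which is not part of this diff, so the lowercase-only `[\da-f]` class used in plain_url_processor.php should be checked against that encoder's actual output. GenerateSID continues past the end of the hunk.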