Page Menu
Home
In-Portal Phabricator
Search
Configure Global Search
Log In
Files
F1046164
D472.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Subscribers
None
File Metadata
Details
File Info
Storage
Attached
Created
Fri, Jun 27, 9:07 PM
Size
504 B
Mime Type
text/x-diff
Expires
Sat, Jun 28, 9:07 PM (4 h, 13 m)
Engine
blob
Format
Raw Data
Handle
676309
Attached To
D472: INP-1865 Use cryptographically safe session key generator
D472.diff
View Options
Index: branches/5.2.x/core/kernel/session/session.php
===================================================================
--- branches/5.2.x/core/kernel/session/session.php
+++ branches/5.2.x/core/kernel/session/session.php
@@ -535,7 +535,10 @@
*/
function GenerateSID()
{
- $this->setSID(kUtil::generateId());
+ $this->setSID(
+ SecurityGenerator::generateNumber(100000000, 999999999)
+ ->resolveForPersisting(TABLE_PREFIX . 'UserSessions', 'SessionKey')
+ );
return $this->SID;
}
Event Timeline
Log In to Comment