GNU social

Check-in [0b21ccc4dd]
Overview
Comment: [CORE] Use random_bytes() if available and improve common_confirmation_code() randomness. With PHP 7 come the [random_bytes()](https://php.net/manual/en/function.random-bytes.php) and [random_int()](https://www.php.net/manual/en/function.random-int.php) functions, which generate cryptographically secure pseudo-random bytes and integers, respectively.
SHA3-256: 0b21ccc4dd3bcb8fc2b03f0102975e318f3e1b6516e6d6aba225b3c89e01a18c
User & Date: diogo@fc.up.pt 2019-08-03 16:29:14
Context
2020-06-10
10:28
[CORE] Another fix for the inboxnoticestream query check-in: 0a64c864c6 user: sor.alexei@meowr.ru tags: trunk, origin/1.20.x, origin/1.2.x, origin/1.1.x
2019-08-03
16:30
[Oembed] Refactoring and some improvements (namely documentation) Imported some changes from postActiv check-in: 8a780d8665 user: diogo@fc.up.pt tags: trunk, origin/1.2.x, origin/1.1.x, origin/1.5
16:29
[CORE] Use random_bytes() if available and improve common_confirmation_code() randomness. With PHP 7 come the [random_bytes()](https://php.net/manual/en/function.random-bytes.php) and [random_int()](https://www.php.net/manual/en/function.random-int.php) functions, which generate cryptographically secure pseudo-random bytes and integers, respectively. Leaf check-in: 0b21ccc4dd user: diogo@fc.up.pt tags: trunk, v1.20.9release, origin/1.2.x, origin/1.1.x
2019-08-01
13:38
[SCRIPTS] Fix sessiongc by XRevan86 check-in: 123d60d6e2 user: diogo@fc.up.pt tags: trunk, origin/1.2.x, origin/1.1.x
Changes

Changes to lib/framework.php.

28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 */

defined('GNUSOCIAL') || die();

define('GNUSOCIAL_ENGINE', 'GNU social');
define('GNUSOCIAL_ENGINE_URL', 'https://www.gnu.org/software/social/');

define('GNUSOCIAL_BASE_VERSION', '1.20.8');
define('GNUSOCIAL_LIFECYCLE', 'release'); // 'dev', 'alpha[0-9]+', 'beta[0-9]+', 'rc[0-9]+', 'release'

define('GNUSOCIAL_VERSION', GNUSOCIAL_BASE_VERSION . '-' . GNUSOCIAL_LIFECYCLE);

define('GNUSOCIAL_CODENAME', 'The Invicta Crusade');

define('AVATAR_PROFILE_SIZE', 96);







|







28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 */

defined('GNUSOCIAL') || die();

define('GNUSOCIAL_ENGINE', 'GNU social');
define('GNUSOCIAL_ENGINE_URL', 'https://www.gnu.org/software/social/');

define('GNUSOCIAL_BASE_VERSION', '1.20.9');
define('GNUSOCIAL_LIFECYCLE', 'release'); // 'dev', 'alpha[0-9]+', 'beta[0-9]+', 'rc[0-9]+', 'release'

define('GNUSOCIAL_VERSION', GNUSOCIAL_BASE_VERSION . '-' . GNUSOCIAL_LIFECYCLE);

define('GNUSOCIAL_CODENAME', 'The Invicta Crusade');

define('AVATAR_PROFILE_SIZE', 96);
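Review bot: the GNUSOCIAL_BASE_VERSION bump from '1.20.8' to '1.20.9' lands in the same check-in that changes how random strings are produced, so the release notes for v1.20.9 should say that common_random_hexstr() and common_confirmation_code() now depend on random_bytes()/random_int() and therefore on PHP 7 (or a polyfill); without that, operators on older PHP find out through a fatal error on the first confirmation code rather than a documented requirement.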

Changes to lib/util.php.

1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
}

/**
 * returns $bytes bytes of random data as a hexadecimal string
 */
function common_random_hexstr($bytes)
{
    $str = common_random_rawstr($bytes);

    $hexstr = '';
    for ($i = 0; $i < $bytes; $i++) {
        $hexstr .= sprintf("%02x", ord($str[$i]));
    }
    return $hexstr;
}

function common_urandom($bytes)
{
    $h = fopen('/dev/urandom', 'rb');
    // should not block
    $src = fread($h, $bytes);







<
|
<
<
<
<
<







1740
1741
1742
1743
1744
1745
1746

1747





1748
1749
1750
1751
1752
1753
1754
}

/**
 * returns $bytes bytes of random data as a hexadecimal string
 */
function common_random_hexstr($bytes)
{

    return bin2hex(random_bytes($bytes));





}

function common_urandom($bytes)
{
    $h = fopen('/dev/urandom', 'rb');
    // should not block
    $src = fread($h, $bytes);
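Review bot: the new body of common_random_hexstr() calls random_bytes() unconditionally, which does not match the "if available" in the check-in comment: there is no function_exists('random_bytes') guard and no fallback to the removed common_random_rawstr() loop, so on PHP before 7.0 without a polyfill this is a call to an undefined function and a fatal error. Either wrap the old loop in `if (!function_exists('random_bytes')) { ... }` as the fallback, or declare PHP 7 a hard requirement and drop "if available" from the message. The docblock should also mention that random_bytes() throws an Exception when no secure entropy source is available, so callers cannot assume a string always comes back.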
2220
2221
2222
2223
2224
2225
2226
2227

2228
2229
2230

2231


2232
2233

2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
    return common_local_url('userbyid',
                            ['id' => $user->id],
                            null,
                            null,
                            false);
}

// 36 alphanums - lookalikes (0, O, 1, I) = 32 chars = 5 bits


function common_confirmation_code($bits)
{

    // 36 alphanums - lookalikes (0, O, 1, I) = 32 chars = 5 bits


    static $codechars = '23456789ABCDEFGHJKLMNPQRSTUVWXYZ';
    $chars = ceil($bits/5);

    $code = '';
    for ($i = 0; $i < $chars; $i++) {
        // XXX: convert to string and back
        $num = hexdec(common_random_hexstr(1));
        // XXX: randomness is too precious to throw away almost
        // 40% of the bits we get!
        $code .= $codechars[$num%32];
    }
    return $code;
}

// convert markup to HTML
function common_markup_to_html($c, $args=null)
{







|
>
|
|
<
>
|
>
>
|

>

|
<
|
<
<
|







2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224

2225
2226
2227
2228
2229
2230
2231
2232
2233

2234


2235
2236
2237
2238
2239
2240
2241
2242
    return common_local_url('userbyid',
                            ['id' => $user->id],
                            null,
                            null,
                            false);
}

/**
 * Generates cryptographically secure pseudo-random strings out of a allowed chars string
 *
 * @param $bits int strength of the confirmation code

 * @param $codechars allowed characters to be used in the confirmation code, by default we use 36 upper case
 * alphanums and remove lookalikes (0, O, 1, I) = 32 chars = 5 bits to make it easy for the user to type in
 * @return string confirmation_code of length $bits/5
 */
function common_confirmation_code($bits, $codechars = '23456789ABCDEFGHJKLMNPQRSTUVWXYZ') {
    $chars = ceil($bits/5);
    $codechars_length = strlen($codechars)-1;
    $code = '';
    for($i = 0; $i < $chars; ++$i) {

        $random_char = $codechars[random_int(0, $codechars_length)];


        $code .= $random_char;
    }
    return $code;
}

// convert markup to HTML
function common_markup_to_html($c, $args=null)
{
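Review bot: `$chars = ceil($bits/5);` in the new common_confirmation_code() still hard-codes 5 bits per character, so the $bits strength promised in the docblock only holds for the 32-character default; now that $codechars is a parameter, a shorter alphabet yields fewer than $bits bits, and an empty string makes `$codechars_length = strlen($codechars)-1;` equal to -1, so `random_int(0, $codechars_length)` throws. Suggest computing `$chars = (int) ceil($bits / log(strlen($codechars), 2));` after rejecting alphabets shorter than two characters. The inclusive upper bound of random_int() is correct for indexing and does remove the `$num%32` bias of the old loop, which is the real improvement here. Docblock fixes: "an allowed chars string", `@param string $codechars`, and the return length is ceil($bits/5), not $bits/5. Style: the opening brace on the function line and `for($i` without a space diverge from the surrounding file, where braces sit on their own line as in the function just above.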