diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2018-06-17 15:44:28 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2018-06-17 15:44:28 +0200 |
| commit | 02cbb864a5b6df62e978a69c368c8ec5ca35d8a3 (patch) | |
| tree | e604967ada13a1ec9c3a1674bdd5a6f85fce7d9d | |
| parent | 7245bc9977235d7165d35a5671ccb5b22fc042e2 (diff) | |
| parent | 9e50e52fa5c72ee668c0d4c43b15e441f31ada5c (diff) | |
| download | forums-02cbb864a5b6df62e978a69c368c8ec5ca35d8a3.tar forums-02cbb864a5b6df62e978a69c368c8ec5ca35d8a3.tar.gz forums-02cbb864a5b6df62e978a69c368c8ec5ca35d8a3.tar.bz2 forums-02cbb864a5b6df62e978a69c368c8ec5ca35d8a3.tar.xz forums-02cbb864a5b6df62e978a69c368c8ec5ca35d8a3.zip | |
Merge pull request #5245 from rubencm/ticket/15693
[ticket/15693] Fix get_rand_string()
| -rw-r--r-- | phpBB/includes/functions.php | 8 | ||||
| -rw-r--r-- | tests/random/gen_rand_string_test.php | 10 |
2 files changed, 14 insertions, 4 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 4aae84705b..270d513a26 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -66,23 +66,27 @@ function set_var(&$result, $var, $type, $multibyte = false) /** * Generates an alphanumeric random string of given length * +* @param int $num_chars Length of random string, defaults to 8 +* * @return string */ function gen_rand_string($num_chars = 8) { // [a, z] + [0, 9] = 36 - return substr(strtoupper(base_convert(unique_id(), 16, 36)), 0, $num_chars); + return substr(strtoupper(base_convert(bin2hex(random_bytes($num_chars)), 16, 36)), 0, $num_chars); } /** * Generates a user-friendly alphanumeric random string of given length * We remove 0 and O so users cannot confuse those in passwords etc. * +* @param int $num_chars Length of random string, defaults to 8 +* * @return string */ function gen_rand_string_friendly($num_chars = 8) { - $rand_str = unique_id(); + $rand_str = bin2hex(random_bytes($num_chars)); // Remove Z and Y from the base_convert(), replace 0 with Z and O with Y // [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34 diff --git a/tests/random/gen_rand_string_test.php b/tests/random/gen_rand_string_test.php index a9d1ea20de..428db6ac98 100644 --- a/tests/random/gen_rand_string_test.php +++ b/tests/random/gen_rand_string_test.php @@ -40,7 +40,10 @@ class phpbb_random_gen_rand_string_test extends phpbb_test_case $random_string_length = strlen($random_string); $this->assertTrue($random_string_length >= self::MIN_STRING_LENGTH); - $this->assertTrue($random_string_length <= $num_chars); + $this->assertTrue( + $random_string_length == $num_chars, + sprintf('Failed asserting that random string length matches expected length. Expected %1$u, Actual %2$u', $num_chars, $random_string_length) + ); $this->assertRegExp('#^[A-Z0-9]+$#', $random_string); } } @@ -56,7 +59,10 @@ class phpbb_random_gen_rand_string_test extends phpbb_test_case $random_string_length = strlen($random_string); $this->assertTrue($random_string_length >= self::MIN_STRING_LENGTH); - $this->assertTrue($random_string_length <= $num_chars); + $this->assertTrue( + $random_string_length == $num_chars, + sprintf('Failed asserting that random string length matches expected length. Expected %1$u, Actual %2$u', $num_chars, $random_string_length) + ); $this->assertRegExp('#^[A-NP-Z1-9]+$#', $random_string); } } |