Strengthen some crypto (#8061)

For login, tokens, nonces
Alexandre Alapetite
2025-10-04 14:32:18 +02:00
committed by GitHub
parent be49726ebb
commit 57e1a375cb
6 changed files with 8 additions and 11 deletions


@@ -41,8 +41,7 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController {
$userConfig->mail_login = $email;
if (FreshRSS_Context::systemConf()->force_email_validation) {
$salt = FreshRSS_Context::systemConf()->salt;
$userConfig->email_validation_token = sha1($salt . uniqid('' . mt_rand(), true));
$userConfig->email_validation_token = hash('sha256', FreshRSS_Context::systemConf()->salt . $email . random_bytes(32));
$mailer = new FreshRSS_User_Mailer();
$mailer->send_email_need_validation($user, $userConfig);
}