Skip to content
Permalink
Browse files

changes all uniqid() to Security::randomBytes(16)

  • Loading branch information...
TheFRedFox committed May 27, 2016
1 parent 37d0dcb commit 19f72bd3aac5d2dec34fb7e1492506e97876f5f2
Showing with 4 additions and 3 deletions.
  1. +4 −3 src/Network/Http/Auth/Oauth.php
@@ -15,6 +15,7 @@
use Cake\Core\Exception\Exception;
use Cake\Network\Http\Request;
use Cake\Utility\Security;
/**
* Oauth 1 authentication strategy for Cake\Network\Http\Client
@@ -99,7 +100,7 @@ protected function _plaintext($request, $credentials)
{
$values = [
'oauth_version' => '1.0',
'oauth_nonce' => uniqid(),
'oauth_nonce' => Security::randomBytes(16),
'oauth_timestamp' => time(),
'oauth_signature_method' => 'PLAINTEXT',
'oauth_token' => $credentials['token'],
@@ -126,7 +127,7 @@ protected function _plaintext($request, $credentials)
*/
protected function _hmacSha1($request, $credentials)
{
$nonce = isset($credentials['nonce']) ? $credentials['nonce'] : uniqid();
$nonce = isset($credentials['nonce']) ? $credentials['nonce'] : Security::randomBytes(16);
$timestamp = isset($credentials['timestamp']) ? $credentials['timestamp'] : time();
$values = [
'oauth_version' => '1.0',
@@ -166,7 +167,7 @@ protected function _rsaSha1($request, $credentials)
throw new \RuntimeException('RSA-SHA1 signature method requires the OpenSSL extension.');
}
$nonce = isset($credentials['nonce']) ? $credentials['nonce'] : uniqid();
$nonce = isset($credentials['nonce']) ? $credentials['nonce'] : Security::randomBytes(16);
$timestamp = isset($credentials['timestamp']) ? $credentials['timestamp'] : time();
$values = [
'oauth_version' => '1.0',

0 comments on commit 19f72bd

Please sign in to comment.
You can’t perform that action at this time.