
Commit 4b962c1

authored
Merge pull request #1438 from michaellrowley/security-patch
CVE-2021-3678 Patch
2 parents 034328a + db53edb commit 4b962c1


1 file changed

+2
-2
lines changed


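--- a/server/Application/Api/Controller/AdminSettingController.class.php
+++ b/server/Application/Api/Controller/AdminSettingController.class.php
@@ -166,7 +166,7 @@ public function getLoginSecretKey(){
 $this->checkAdmin();
 $login_secret_key = D("Options")->get("login_secret_key") ;
 if(!$login_secret_key){
-$login_secret_key = md5("rgrsfsrfsrf".time().rand(1,9000000000000000).uniqid());
+$login_secret_key = bin2hex( random_bytes( 16 ) );
 D("Options")->set("login_secret_key",$login_secret_key) ;
 }
 $this->sendResult(array("login_secret_key"=>$login_secret_key));
@@ -176,7 +176,7 @@ public function getLoginSecretKey(){
 public function resetLoginSecretKey(){
 $login_user = $this->checkLogin();
 $this->checkAdmin();
-$login_secret_key = md5("rgrsfsrfsrf".time().rand(1,9000000000000000).uniqid());
+$login_secret_key = bin2hex( random_bytes( 16 ) );
 D("Options")->set("login_secret_key",$login_secret_key) ;
 $this->sendResult(array("login_secret_key"=>$login_secret_key));
 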
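Review bot: Keys that were already stored under the old `md5(...time().rand().uniqid())` scheme are not rotated by this change, because in the first hunk `getLoginSecretKey()` only generates a value inside `if(!$login_secret_key){`; an upgraded installation keeps its weak key until an admin calls `resetLoginSecretKey()`. Old and new keys are both 32 hex characters, so they cannot be told apart by format, which argues for a one-time forced reset on upgrade or at least an explicit release note. The generator expression is now duplicated in both methods and would be easier to audit as one helper, e.g. `private function newLoginSecretKey(){ return bin2hex(random_bytes(16)); }`. `random_bytes()` is only available from PHP 7.0 and throws when no entropy source can be used, so if the project still supports PHP 5 (not visible on this page) a fallback or a documented minimum version is needed. Both method bodies extend outside the hunks shown.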
