Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix how the token secret is generated

  • Loading branch information...
commit a705e358ed4a534657ab46abcf1ffd317a8bf7a2 1 parent fbaae9b
Chirag Shah chirags authored
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/OAuth.php
4 lib/OAuth.php
View
@@ -740,8 +740,8 @@ function lookup_nonce($consumer, $token, $nonce, $timestamp) {
function new_token($consumer, $type="request") {
$key = md5(time());
- $secret = time() + time();
- $token = new OAuthToken($key, md5(md5($secret)));
+ $secret = mt_rand();
+ $token = new OAuthToken($key, md5($secret));
if (!dba_insert("${type}_$key", serialize($token), $this->dbh)) {
trigger_error("doooom!", E_USER_WARNING);
return NULL;
Please sign in to comment.
Something went wrong with that request. Please try again.