author | Lukas Winkler <git@lw1.at> | 2021-09-20 01:20:20 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-20 01:20:20 +0300 |
commit | 81cb72edb8e0731d20cc047b0327bcbaddea28b9 (patch) | |
tree | ed8800c375c7efb8a8e0a0967ea59849b2f65310 | |
parent | 7ff0e20d6b1bc0e8a798dba8d20dd9bfc11d0a62 (diff) |
Always use secure randomness (#18030)
-rw-r--r-- | core/Common.php | 38 | ||||
-rw-r--r-- | plugins/MobileMessaging/API.php | 3 |
2 files changed, 8 insertions, 33 deletions
diff --git a/core/Common.php b/core/Common.php
index dd999480fe..c9f111905e 100644
--- a/core/Common.php
+++ b/core/Common.php
@@ -135,11 +135,11 @@ class Common
 if(PHP_SAPI === 'cli'){
 return true;
 }
-
+
 if(self::isPhpCgiType() && (!isset($_SERVER['REMOTE_ADDR']) || empty($_SERVER['REMOTE_ADDR']))){
 return true;
 }
-
+
 return false;
 }
@@ -586,40 +586,14 @@ class Common
 *
 * @param int $min
 * @param null|int $max Defaults to max int value
- * @return int|null
+ * @return int
 */
 public static function getRandomInt($min = 0, $max = null)
 {
- $rand = null;
-
- if (function_exists('random_int')) {
- try {
- if (!isset($max)) {
- $max = PHP_INT_MAX;
- }
- $rand = random_int($min, $max);
- } catch (Exception $e) {
- // If none of the crypto sources are available, an Exception will be thrown.
- $rand = null;
- }
+ if (!isset($max)) {
+ $max = PHP_INT_MAX;
 }
-
- if (!isset($rand)) {
- if (function_exists('mt_rand')) {
- if (!isset($max)) {
- $max = mt_getrandmax();
- }
- $rand = mt_rand($min, $max);
- } else {
- if (!isset($max)) {
- $max = getrandmax();
- }
-
- $rand = rand($min, $max);
- }
- }
-
- return $rand;
+ return random_int($min, $max);
 }
 /**
diff --git a/plugins/MobileMessaging/API.php b/plugins/MobileMessaging/API.php
index 06bd65ea84..808b8f370a 100644
--- a/plugins/MobileMessaging/API.php
+++ b/plugins/MobileMessaging/API.php
@@ -8,6 +8,7 @@
 */
 namespace Piwik\Plugins\MobileMessaging;
+use Piwik\Common;
 use Piwik\Option;
 use Piwik\Piwik;
 use Piwik\Plugins\MobileMessaging\SMSProvider;
@@ -98,7 +99,7 @@ class API extends \Piwik\Plugin\API
 $verificationCode = "";
 for ($i = 0; $i < self::VERIFICATION_CODE_LENGTH; $i++) {
- $verificationCode .= mt_rand(0, 9);
+ $verificationCode .= Common::getRandomInt(0, 9);
 }
 $smsText = Piwik::translate( |
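Review bot: The new `getRandomInt()` body in core/Common.php lets whatever `random_int()` throws reach the caller, but the docblock only changes `@return int|null` to `@return int` and gains no `@throws`. Failing closed instead of dropping to `mt_rand()`/`rand()` is the right behaviour for values used as secrets, so the contract should say so: add `@throws \Exception if no cryptographically secure source of randomness is available` above the `@return int` line. `random_int()` also throws when `$min` is greater than `$max`, so callers that pass computed bounds (not visible here) are worth a check now that nothing in this method catches it. The docblock starts above the hunk.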
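Review bot: In the loop that builds `$verificationCode` in plugins/MobileMessaging/API.php, each digit now comes from a CSPRNG, but the code is still a short decimal string whose guess space is fixed by `self::VERIFICATION_CODE_LENGTH`, which is defined outside this hunk. Unpredictable digits do not help if the step that later checks the code accepts unlimited attempts, so that path (not visible here) should bound retries and compare with `hash_equals()`. I would also record the intent on the loop: `// CSPRNG digits: the verification code must not be predictable`. `Common::getRandomInt()` can now throw, which would abort the request before the SMS text is built; the enclosing method starts and ends outside the hunk.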