diff options
author | Thomas Steur <tsteur@users.noreply.github.com> | 2019-04-11 05:55:22 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-04-11 05:55:22 +0300 |
commit | 31a54936d2fe32c8ffeb2fe8338175bd3fc1c0cc (patch) | |
tree | 26f23dc91e81b6b4eb1f2036fbbac30e72e6681c /libs | |
parent | 1d9bcc8ce70c551fbc7d764b81f32c9462e84988 (diff) |
Use better random string generator in 2fa lib (#14321)
Diffstat (limited to 'libs')
-rw-r--r-- | libs/Authenticator/TwoFactorAuthenticator.php | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/libs/Authenticator/TwoFactorAuthenticator.php b/libs/Authenticator/TwoFactorAuthenticator.php index fc0b962856..59fcb569e8 100644 --- a/libs/Authenticator/TwoFactorAuthenticator.php +++ b/libs/Authenticator/TwoFactorAuthenticator.php @@ -10,6 +10,8 @@ * small adjustments by @sgiehl / matomo.org * - renamed class * - removed method getQRCodeGoogleUrl + * small adjustments by matomo.org + * - use better random secret generator */ class TwoFactorAuthenticator @@ -28,11 +30,8 @@ class TwoFactorAuthenticator $validChars = $this->_getBase32LookupTable(); unset($validChars[32]); - $secret = ''; - for ($i = 0; $i < $secretLength; $i++) { - $secret .= $validChars[array_rand($validChars)]; - } - return $secret; + // modified by matomo.org + return \Piwik\Common::getRandomString($secretLength, implode('', $validChars)); } /** @@ -192,4 +191,4 @@ class TwoFactorAuthenticator '=' // padding char ); } -}
\ No newline at end of file +} |