Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

generateRandomToken improvement. #1176

Open
wants to merge 3 commits into
base: hotfix
Choose a base branch
from
Open

generateRandomToken improvement. #1176

wants to merge 3 commits into from

Conversation

michaellrowley
Copy link

The MD5 call altogether has been switched out for the hexadecimal representation of 16 CSRNG-generated bytes (the same amount at MD5 produces).
See this.

lcharette and others added 3 commits August 2, 2021 21:30
@lcharette lcharette changed the base branch from master to hotfix August 10, 2021 23:58
@lcharette lcharette added the security Framework security issue label Aug 10, 2021
@codecov
Copy link

codecov bot commented Aug 11, 2021
edited
Loading

Codecov Report

Merging #1176 (3aff283) into hotfix (5b50529) will decrease coverage by 0.00%.
The diff coverage is 100.00%.

Impacted file tree graph

@@             Coverage Diff              @@
##             hotfix    #1176      +/-   ##
============================================
- Coverage     70.68%   70.68%   -0.01%     
  Complexity     1984     1984              
============================================
  Files           173      173              
  Lines          6911     6910       -1     
============================================
- Hits           4885     4884       -1     
  Misses         2026     2026
Impacted Files Coverage Δ
...rinkles/account/src/Repository/TokenRepository.php 62.68% <100.00%> (ø)
app/sprinkles/core/src/Util/Captcha.php 100.00% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5b50529...3aff283. Read the comment docs.

@lcharette lcharette added this to the 4.6.x milestone Aug 11, 2021
@lcharette
Copy link
Member

N.B.: This will need to be properly (manually) tested to make sure the existing token (if any) are not impacted and Captcha still properly working.

@lcharette lcharette modified the milestones: 4.6.x, 5.0.1 Nov 25, 2023
@lcharette lcharette modified the milestones: 5.0.1, 5.1.0 Dec 12, 2023
@lcharette lcharette modified the milestones: 5.1.0, 5.3.0 Apr 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security Framework security issue
Projects
UserFrosting Task Planner
Status: Not Started
Milestone
5.3.0
Development

Successfully merging this pull request may close these issues.
2 participants
@michaellrowley @lcharette