- Create custom function (randomString()) for generating cryptographically (and URL) safe strings.

- Replace usages of keygen and bin2hex(random_bytes()) with this function.
Marcus Hill
2023-01-26 21:35:06 +00:00
parent 41068d356b
commit 23e3a2e8fc
10 changed files with 52 additions and 47 deletions


@@ -230,7 +230,7 @@ if (isset($_GET['share_generate_link'])) {
$item_note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['note'])));
$item_view_limit = intval($_GET['views']);
$item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires'])));
$item_key = bin2hex(random_bytes(78));
$item_key = randomString(156);
if ($item_type == "Document") {
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1"));
@@ -250,8 +250,8 @@ if (isset($_GET['share_generate_link'])) {
// Decrypt & re-encrypt password for sharing
$login_password_cleartext = decryptLoginEntry($row['login_password']);
$login_encryption_key = bin2hex(random_bytes(8));
$iv = bin2hex(random_bytes(8));
$login_encryption_key = randomString();
$iv = randomString();
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
$item_encrypted_credential = $iv . $ciphertext;
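Review bot: The key and IV passed to `openssl_encrypt()` in the second hunk now depend on the default length and alphabet of `randomString()`, which is defined outside this section, so nothing at the call site guarantees the 16 bytes that `aes-128-cbc` needs for each. PHP silently NUL-pads or truncates a wrong-length key and only warns on a wrong-length IV, and a URL-safe text alphabet yields fewer than 8 bits per byte, so the effective key strength is below 128 bits even at 16 characters (the replaced `bin2hex(random_bytes(8))` had the same limitation). At minimum state the length explicitly, `$login_encryption_key = randomString(16);` and `$iv = randomString(16);`, with a comment such as `// aes-128-cbc: key and IV must each be exactly 16 bytes`; generating the key from `random_bytes(16)` and encoding it only for the share link would restore full strength, but needs a matching change on the decrypt side, which is not shown. The enclosing `if (isset($_GET['share_generate_link']))` block starts and ends outside these hunks.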