Replace Md5Rand in favor of Sha1Rand
djmaze committed Oct 11, 2021
1 parent dfa448c commit 33f42cc
Showing 9 changed files with 13 additions and 36 deletions.
@@ -63,7 +63,7 @@ public static function CreateStream(array $aSubStreams)
\stream_wrapper_register(self::STREAM_NAME, '\MailSo\Base\StreamWrappers\SubStreams');
}

$sHashName = \MailSo\Base\Utils::Md5Rand();
$sHashName = \MailSo\Base\Utils::Sha1Rand();

self::$aStreams[$sHashName] = \array_map(function ($mItem) {
return \is_resource($mItem) ? $mItem :
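--- a/snappymail/v/0.0.0/app/libraries/MailSo/Base/Utils.php
+++ b/snappymail/v/0.0.0/app/libraries/MailSo/Base/Utils.php
@@ -1661,11 +1661,6 @@ public static function CharsetDetect(string $sStr) : string
 return \is_string($mResult) && \strlen($mResult) ? $mResult : '';
 }
 
-public static function Md5Rand(string $sAdditionalSalt = '') : string
-{
-return \md5($sAdditionalSalt . \random_bytes(16));
-}
-
 public static function Sha1Rand(string $sAdditionalSalt = '') : string
 {
 return \sha1($sAdditionalSalt . \random_bytes(16));
@@ -1727,22 +1722,4 @@ public static function IdnToAscii(string $sStr, bool $bLowerIfAscii = false) : s
 
 return ('' === $sUser ? '' : $sUser.'@').$sDomain;
 }
-
-public static function HashToId(string $sHash, string $sSalt = '') : int
-{
-$sData = $sHash ? Crypt::Decrypt(\hex2bin($sHash), \md5($sSalt)) : null;
-
-$aMatch = array();
-if ($sData && \preg_match('/^id:(\d+)$/', $sData, $aMatch) && isset($aMatch[1]))
-{
-return \is_numeric($aMatch[1]) ? (int) $aMatch[1] : null;
-}
-
-return null;
-}
-
-public static function IdToHash(int $iID, string $sSalt = '') : string
-{
-return \bin2hex(Crypt::Encrypt('id:'.$iID, \md5($sSalt)));
-}
 }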
2 changes: 1 addition & 1 deletion snappymail/v/0.0.0/app/libraries/MailSo/Log/Logger.php
@@ -75,7 +75,7 @@ public static function Guid() : string
static $sCache = null;
if (null === $sCache)
{
$sCache = \substr(\MailSo\Base\Utils::Md5Rand(), -8);
$sCache = \substr(\MailSo\Base\Utils::Sha1Rand(), -8);
}

return $sCache;
4 changes: 2 additions & 2 deletions snappymail/v/0.0.0/app/libraries/MailSo/Mail/MailClient.php
@@ -818,7 +818,7 @@ private function parseSearchString(string $sSearch) : array
{
do
{
$sKey = \MailSo\Base\Utils::Md5Rand();
$sKey = \MailSo\Base\Utils::Sha1Rand();
}
while (isset($aCache[$sKey]));

@@ -834,7 +834,7 @@ private function parseSearchString(string $sSearch) : array
{
do
{
$sKey = \MailSo\Base\Utils::Md5Rand();
$sKey = \MailSo\Base\Utils::Sha1Rand();
}
while (isset($aCache[$sKey]));

2 changes: 1 addition & 1 deletion snappymail/v/0.0.0/app/libraries/MailSo/Mime/Message.php
@@ -369,7 +369,7 @@ private function generateNewMessageId(string $sHostName = '') : string
}

return '<'.
\MailSo\Base\Utils::Md5Rand($sHostName.
\MailSo\Base\Utils::Sha1Rand($sHostName.
(\MailSo\Base\Utils::FunctionExistsAndEnabled('getmypid') ? \getmypid() : '')).'@'.$sHostName.'>';
}

2 changes: 1 addition & 1 deletion snappymail/v/0.0.0/app/libraries/RainLoop/Actions.php
@@ -1760,7 +1760,7 @@ public function UploadBackground(): array
)) {
$oSettings = $this->SettingsProvider()->Load($oAccount);
if ($oSettings) {
$sHash = \MailSo\Base\Utils::Md5Rand($sName . APP_VERSION . APP_SALT);
$sHash = \MailSo\Base\Utils::Sha1Rand($sName . APP_VERSION . APP_SALT);

$oSettings->SetConf('UserBackgroundName', $sName);
$oSettings->SetConf('UserBackgroundHash', $sHash);
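Review bot: Passing `$sName . APP_VERSION . APP_SALT` to `Sha1Rand()` in UploadBackground does not bind `$sHash` to the salt in any verifiable way, because the helper appends 16 bytes from `random_bytes()` before hashing; the result is a random identifier whose strength is those 128 bits, exactly as it was under MD5. The same applies to the `APP_SALT` arguments in generateSignMeToken, GetConnectionToken and GetShortToken in the later sections. I would either drop the argument or state it at the call, e.g. `// random identifier; APP_SALT is hash input only, not a key`. The value also grows from 32 to 40 hex characters, so any reader of `UserBackgroundHash` that assumes the old width (none is visible in this hunk) should be checked.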
@@ -62,7 +62,7 @@ public function ClearAdminAuthToken() : void

private function getAdminToken() : string
{
$sRand = \MailSo\Base\Utils::Md5Rand();
$sRand = \MailSo\Base\Utils::Sha1Rand();
if (!$this->Cacher(null, true)->Set(KeyPathHelper::SessionAdminKey($sRand), \time()))
{
$this->oLogger->Write('Cannot store an admin token',
6 changes: 3 additions & 3 deletions snappymail/v/0.0.0/app/libraries/RainLoop/Actions/User.php
@@ -107,7 +107,7 @@ public function DoAttachmentsActions() : array
{
case 'zip':

$sZipHash = \MailSo\Base\Utils::Md5Rand();
$sZipHash = \MailSo\Base\Utils::Sha1Rand();
$sZipFileName = $oFilesProvider->GenerateLocalFullFileName($oAccount, $sZipHash);

if (!empty($sZipFileName)) {
@@ -528,7 +528,7 @@ protected function ClearSignMeData(\RainLoop\Model\Account $oAccount) : void

private function generateSignMeToken(string $sEmail) : string
{
return \MailSo\Base\Utils::Md5Rand(APP_SALT.$sEmail);
return \MailSo\Base\Utils::Sha1Rand(APP_SALT.$sEmail);
}

private function getMimeFileByHash(\RainLoop\Model\Account $oAccount, string $sHash) : array
@@ -553,7 +553,7 @@ private function getMimeFileByHash(\RainLoop\Model\Account $oAccount, string $sH

if ($oAccount && \is_resource($rResource))
{
$sHash = \MailSo\Base\Utils::Md5Rand($sFileNameIn.'~'.$sContentTypeIn);
$sHash = \MailSo\Base\Utils::Sha1Rand($sFileNameIn.'~'.$sContentTypeIn);
$rTempResource = $oFileProvider->GetFile($oAccount, $sHash, 'wb+');

if (\is_resource($rTempResource))
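Review bot: In getMimeFileByHash the changed line assigns the generated value to `$sHash`, which is also the function's parameter, so from that point the caller-supplied hash is overwritten and the name no longer says which of the two it holds. A separate local, `$sTempHash = \MailSo\Base\Utils::Sha1Rand($sFileNameIn.'~'.$sContentTypeIn);` passed to `GetFile()`, would make it plain that the temporary file is keyed by a fresh random value rather than by request input. The function starts before and continues after this hunk, so any later use of `$sHash` would need the same rename.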
6 changes: 3 additions & 3 deletions snappymail/v/0.0.0/app/libraries/RainLoop/Utils.php
@@ -72,7 +72,7 @@ public static function GetConnectionToken() : string
$sToken = static::GetCookie($sKey, null);
if (null === $sToken)
{
$sToken = \MailSo\Base\Utils::Md5Rand(APP_SALT);
$sToken = \MailSo\Base\Utils::Sha1Rand(APP_SALT);
static::SetCookie($sKey, $sToken, \time() + 60 * 60 * 24 * 30);
}

@@ -89,9 +89,9 @@ public static function GetShortToken() : string
$sKey = 'rlsession';

$sToken = static::GetCookie($sKey, null);
if (null === $sToken)
if (!$sToken)
{
$sToken = \MailSo\Base\Utils::Md5Rand(APP_SALT);
$sToken = \MailSo\Base\Utils::Sha1Rand(APP_SALT);
static::SetCookie($sKey, $sToken, 0);
}

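Review bot: GetShortToken regenerates the `rlsession` token for any falsy cookie value (`if (!$sToken)`, taking the second printed condition as the new side), while GetConnectionToken in the first hunk keeps `if (null === $sToken)`, so an empty cookie there is still accepted as the token. If the stricter check is intended, it should apply to both functions, i.e. `if (!$sToken)` in GetConnectionToken as well. It is also a behaviour change unrelated to the hash swap, so it deserves a line in the commit message. Neither function checks that a client-supplied cookie has the shape of a generated token; whether that matters depends on the callers, which are outside these hunks.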
