Page MenuHomePhabricator
Files F2721943

0001-0-pad-to-length-in-random-string-generation-for-backporting.patch
No One
Actions

Authored By
Anomie
Oct 14 2015, 9:53 PM
Size
1 KB
Referenced Files
None
Subscribers
None

0001-0-pad-to-length-in-random-string-generation-for-backporting.patch
View Options

From 1165a89d8ceffe6ddb05292efd6b7a95fac43939 Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Wed, 14 Oct 2015 17:53:09 -0400
Subject: [PATCH] 0-pad to length in random string generation
Otherwise shorter strings might be generated.
Bug: T115522
Change-Id: I3569218ea840e9de7a3fe458acf474e3dac6d1ab
---
includes/User.php | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/includes/User.php b/includes/User.php
index 75649a7..d2838a7 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -1030,11 +1030,10 @@ class User implements IDBAccessObject {
// stopping at a minimum of 10 chars.
$length = max( 10, $wgMinimalPasswordLength );
// Multiply by 1.25 to get the number of hex characters we need
- $length = $length * 1.25;
// Generate random hex chars
- $hex = MWCryptRand::generateHex( $length );
+ $hex = MWCryptRand::generateHex( ceil( $length * 1.25 ) );
// Convert from base 16 to base 32 to get a proper password like string
- return wfBaseConvert( $hex, 16, 32 );
+ return substr( wfBaseConvert( $hex, 16, 32, $length ), -$length );
}
/**
--
2.6.1

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2734374
Default Alt Text
0001-0-pad-to-length-in-random-string-generation-for-backporting.patch (1 KB)

Event Timeline

Anomie updated the name for this file from "0001-0-pad-to-length-in-random-string-generation.patch" to "0001-0-pad-to-length-in-random-string-generation-for-backporting.patch".Oct 14 2015, 9:53 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits