Make private URLs more secure, thanks to jvoisin. This fixes T46.
authorAndreas Boehler <andreas@aboehler.at>
Fri, 28 Jul 2017 14:45:21 +0200
changeset 97 289b4fc06c1a
parent 96 4a71e837f15f
child 98 44f79c6fb95f
Make private URLs more secure, thanks to jvoisin. This fixes T46.
helper.php
plugin.info.txt
--- a/helper.php	Tue May 30 21:18:52 2017 +0200
+++ b/helper.php	Fri Jul 28 14:45:21 2017 +0200
@@ -849,7 +849,7 @@
       {
           // Actually add the values to the database
           $calid = $this->getCalendarIdForPage($id);
-          $uri = uniqid('dokuwiki-').'.ics';
+          $uri = $uri = 'dokuwiki-' . bin2hex(random_bytes(16)) . '.ics';
           $now = new \DateTime();
           
           $sqlite = $this->getDB();
@@ -1563,7 +1563,7 @@
       $row = $sqlite->res2row($res);
       if(!isset($row['url']))
       {
-          $url = uniqid("dokuwiki-").".ics";
+          $url = 'dokuwiki-' . bin2hex(random_bytes(16)) . '.ics';
           $query = "INSERT INTO calendartoprivateurlmapping (url, calid) VALUES(?, ?)";
           $res = $sqlite->query($query, $url, $calid);
           if($res === false)
--- a/plugin.info.txt	Tue May 30 21:18:52 2017 +0200
+++ b/plugin.info.txt	Fri Jul 28 14:45:21 2017 +0200
@@ -1,7 +1,7 @@
 base	davcal
 author  Andreas Boehler
 email   dev@aboehler.at
-date    2017-02-21
+date    2017-07-28
 name    Calendar PlugIn with CalDAV sharing support
 desc    Create one calendar per page and share/subscribe via CalDAV
 url     http://www.dokuwiki.org/plugin:davcal