mirror of
https://github.com/Combodo/iTop.git
synced 2026-02-20 10:54:12 +01:00
Compare commits
4 Commits
develop
...
issue/8549
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
c3cf07efc9 | ||
|
|
829bc3bf42 | ||
|
|
504ecf42a5 | ||
|
|
4ac5269b7c |
@@ -362,8 +362,7 @@ class ormDocument
|
||||
throw new Exception("Invalid id ($id) for class '$sClass' - the object does not exist or you are not allowed to view it");
|
||||
}
|
||||
}
|
||||
if (($sSecretField != null) && ($oObj->Get($sSecretField) != $sSecretValue)) {
|
||||
usleep(200);
|
||||
if (($sSecretField != null) && !hash_equals($oObj->Get($sSecretField), $sSecretValue)) {
|
||||
throw new Exception("Invalid secret for class '$sClass' - the object does not exist or you are not allowed to view it");
|
||||
}
|
||||
/** @var \ormDocument $oDocument */
|
||||
|
||||
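Review bot: `hash_equals()` in the new condition requires both arguments to be strings, yet neither `$oObj->Get($sSecretField)` nor `$sSecretValue` is checked or cast before the call. On PHP 8 a non-string argument such as an array raises a `TypeError`, which is not an `Exception` and so may bypass callers that catch the "Invalid secret" exception; where `$sSecretValue` comes from is not visible in this hunk. Depending on the PHP version, a null stored secret may also be coerced to an empty string and then match an empty supplied value. Consider `if (($sSecretField != null) && (!is_string($sSecretValue) || ($sSecretValue === '') || !hash_equals((string) $oObj->Get($sSecretField), $sSecretValue))) {`. The enclosing method starts and ends outside the hunk.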
@@ -2136,7 +2136,7 @@ EOF
|
||||
$oAttachment->Set('item_class', $sObjClass);
|
||||
$oAttachment->SetDefaultOrgId();
|
||||
$oAttachment->Set('contents', $oDoc);
|
||||
$oAttachment->Set('secret', sprintf('%06x', mt_rand(0, 0xFFFFFF))); // something not easy to guess
|
||||
$oAttachment->Set('secret', bin2hex(random_bytes(16))); // 128 bits of entropy, cryptographically secure
|
||||
$iAttId = $oAttachment->DBInsert();
|
||||
|
||||
$aResult['uploaded'] = 1;
|
||||
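Review bot: The new `bin2hex(random_bytes(16))` value is 32 characters where the old one was 6, so the declared maximum length of the `secret` attribute needs checking. That definition is not part of this diff; if the value is truncated on write, the stored secret will never match the full one presented on download. The same line is repeated in the hunk at line 2194, so a single private helper returning `bin2hex(random_bytes(16))` would keep both creation paths in step. Attachments created before this change presumably keep their 24-bit `mt_rand` secrets, and nothing visible here regenerates them.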
@@ -2194,7 +2194,7 @@ EOF
|
||||
$oAttachment->Set('item_class', $sObjClass);
|
||||
$oAttachment->SetDefaultOrgId();
|
||||
$oAttachment->Set('contents', $oDoc);
|
||||
$oAttachment->Set('secret', sprintf('%06x', mt_rand(0, 0xFFFFFF))); // something not easy to guess
|
||||
$oAttachment->Set('secret', bin2hex(random_bytes(16))); // 128 bits of entropy, cryptographically secure
|
||||
$iAttId = $oAttachment->DBInsert();
|
||||
|
||||
IssueLog::Trace('InlineImage created', LogChannels::INLINE_IMAGE, [
|
||||
|
||||