author | David Rothstein <drothstein@gmail.com> | 2013-11-20 15:49:21 -0500 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2013-11-20 15:49:21 -0500 |
commit | f01c994de8d6f54a5bef1523319c6da88048c146 (patch) | |
tree | f9f1a59d7cfcb10db208e54348a451d15facd9c5 /includes/common.inc | |
parent | 3611e1670591e657dd6e6000f98d061def471654 (diff) | |
parent | 782d1155c62c0a879bf587c7e40c3a13bcf6879c (diff) | |
Merge tag '7.24' into 7.x
7.24 release
Conflicts:
CHANGELOG.txt
includes/bootstrap.inc
Diffstat (limited to 'includes/common.inc')
-rw-r--r-- | includes/common.inc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 71651136b..6f85b5248 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -5042,7 +5042,7 @@ function drupal_json_output($var = NULL) {
  */
 function drupal_get_private_key() {
   if (!($key = variable_get('drupal_private_key', 0))) {
-    $key = drupal_hash_base64(drupal_random_bytes(55));
+    $key = drupal_random_key();
     variable_set('drupal_private_key', $key);
   }
   return $key;
@@ -5081,7 +5081,7 @@ function drupal_get_token($value = '') {
  */
 function drupal_valid_token($token, $value = '', $skip_anonymous = FALSE) {
   global $user;
-  return (($skip_anonymous && $user->uid == 0) || ($token == drupal_get_token($value)));
+  return (($skip_anonymous && $user->uid == 0) || ($token === drupal_get_token($value)));
 }
 
 function _drupal_bootstrap_full() {
@@ -5114,6 +5114,10 @@ function _drupal_bootstrap_full() {
   module_load_all();
   // Make sure all stream wrappers are registered.
   file_get_stream_wrappers();
+  // Ensure mt_rand is reseeded, to prevent random values from one page load
+  // being exploited to predict random values in subsequent page loads.
+  $seed = unpack("L", drupal_random_bytes(4));
+  mt_srand($seed[1]);
   $test_info = &$GLOBALS['drupal_test_info'];
   if (!empty($test_info['in_child_site'])) {
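Review bot: The generate-and-store around the changed `drupal_random_key()` call is not atomic: two requests that both find no stored key each generate a different one, the later `variable_set()` wins, and the request whose key lost returns a value that was never persisted, so any token it issued will fail validation afterwards. The window exists only on the first request(s) after install, but it is cheap to close if a lock API is available to this file (e.g. take a lock around the generate-and-set and re-read the variable once the lock is held, so the second request picks up the first one's key). `drupal_random_key()` is not defined in this hunk, so confirm that its default output carries at least as much entropy as the replaced `drupal_hash_base64(drupal_random_bytes(55))` expression; the private key backs every token the site issues. The function's closing brace lies outside the hunk.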
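Review bot: The `===` on the changed line fixes the loose-comparison problem, but it is still a byte-by-byte string comparison that stops at the first mismatching byte, so a caller who controls `$token` keeps a timing side channel against the expected token. Compare in constant time instead: `hash_equals()` where the PHP build provides it (5.6+), with a portable fallback that XORs every byte after a length check, and reject a non-string `$token` up front so a value such as an array from the query string never reaches the comparison. Splitting the anonymous bypass into its own early return also makes the order of the two conditions visible; the bypass itself and the `$user->uid == 0` check are unchanged here.
```php
function drupal_valid_token($token, $value = '', $skip_anonymous = FALSE) {
  global $user;
  if ($skip_anonymous && $user->uid == 0) {
    return TRUE;
  }
  return is_string($token) && _drupal_hash_equals(drupal_get_token($value), $token);
}

/**
 * Constant-time string comparison (hash_equals() polyfill for PHP < 5.6).
 *
 * Runs in time that depends only on the length of $known_hash, never on
 * where the two strings first differ.
 */
function _drupal_hash_equals($known_hash, $user_string) {
  if (function_exists('hash_equals')) {
    return hash_equals($known_hash, $user_string);
  }
  $known_length = strlen($known_hash);
  if ($known_length !== strlen($user_string)) {
    return FALSE;
  }
  $diff = 0;
  for ($i = 0; $i < $known_length; $i++) {
    $diff |= ord($known_hash[$i]) ^ ord($user_string[$i]);
  }
  return $diff === 0;
}
```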
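Review bot: The added reseed draws only 4 bytes, so the Mersenne Twister state after `mt_srand($seed[1])` is one of 2^32 possibilities; an attacker who observes a single `mt_rand()` output in a response can recover the seed offline and predict every other `mt_rand()` value in that request. The new comment should make that limit explicit so nobody reads it as making `mt_rand()` safe, e.g. `// This only hardens mt_rand() against cross-request prediction; the 32-bit seed is brute-forceable from one observed output, so security-sensitive values must use drupal_random_bytes() or drupal_random_key().` The reseed also takes effect only from this point in the full-bootstrap phase, so `mt_rand()` calls made in earlier bootstrap phases are unaffected, and any later `mt_srand()` call by a module replaces this seed. _drupal_bootstrap_full() starts and ends outside the hunk.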