[Pkg-owncloud-commits] [owncloud] 37/95: URLEncode logout attribute

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v8.0.1
in repository owncloud.

commit f4f5097b00742f1b2d6b12d03905402fccd79ce1
Author: Lukas Reschke <lukas at owncloud.com>
Date:   Fri Feb 13 11:35:12 2015 +0100

    URLEncode logout attribute
    
    Otherwise logout can fail if the requesttoken contains a +
---
 lib/private/security/securerandom.php | 5 ++---
 lib/private/user.php                  | 2 +-
 lib/public/security/isecurerandom.php | 5 +++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/private/security/securerandom.php b/lib/private/security/securerandom.php
index 2402e86..8c6ba34 100644
--- a/lib/private/security/securerandom.php
+++ b/lib/private/security/securerandom.php
@@ -64,12 +64,11 @@ class SecureRandom implements ISecureRandom {
 	 * Generate a random string of specified length.
 	 * @param string $length The length of the generated string
 	 * @param string $characters An optional list of characters to use if no characterlist is
-	 * 							specified 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./
-	 * 							is used.
+	 * 							specified all valid base64 characters except + (plus sign) are used.
 	 * @return string
 	 * @throws \Exception If the generator is not initialized.
 	 */
-	public function generate($length, $characters = '') {
+	public function generate($length, $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./') {
 		if(is_null($this->generator)) {
 			throw new \Exception('Generator is not initialized.');
 		}
diff --git a/lib/private/user.php b/lib/private/user.php
index d1fedff..10457c2 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -366,7 +366,7 @@ class OC_User {
 			return $backend->getLogoutAttribute();
 		}
 
-		return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . OC_Util::callRegister() . '"';
+		return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . urlencode(OC_Util::callRegister()) . '"';
 	}
 
 	/**
diff --git a/lib/public/security/isecurerandom.php b/lib/public/security/isecurerandom.php
index 3de60f8..8d03a06 100644
--- a/lib/public/security/isecurerandom.php
+++ b/lib/public/security/isecurerandom.php
@@ -53,9 +53,10 @@ interface ISecureRandom {
 	/**
 	 * Generate a random string of specified length.
 	 * @param string $length The length of the generated string
-	 * @param string $characters An optional list of characters to use
+	 * @param string $characters An optional list of characters to use if no characterlist is
+	 * 							specified all valid base64 characters except + (plus sign) are used.
 	 * @return string
-	 * @throws \Exception
+	 * @throws \Exception If the generator is not initialized.
 	 */
 	public function generate($length, $characters = '');
 }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git