-
Improvement
-
Resolution: Fixed
-
Minor
-
3.0.7-PL1
-
None
-
None
To increase entropy
$user_actkey = gen_rand_string(10);
|
$key_len = 54 - (strlen($server_url));
|
$key_len = ($key_len < 6) ? 6 : $key_len;
|
$user_actkey = substr($user_actkey, 0, $key_len);
|
should be replaces with
$user_actkey = gen_rand_string(rand(6, 10));
|
c0836e8835f0b3105baecdc710cd101920d8339b already changed this in ucp_remind.php, but this code block still appears in acp_users.php, ucp_profile.php and ucp_register.php.
- blocks
-
-
- Unverified Fix
-
- is related to
-
PHPBB-5164 Honor minimum and maximum password length in generated passwords as much as possible.
-
- Closed
-