/branches/2.8.x/wb/framework/SecureTokens.php - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 2140

class SecureTokens::addToken() fixed integer overflow problem on 32bit platforms

      */
         private function addToken($sTokenName, $sValue)
+        {
             $sTokenName = substr($sTokenName, 0, 16);
             // limit TokenName to 16 digits
             $sTokenName = substr(str_pad($sTokenName, 16, '0', STR_PAD_LEFT), -16);
             // make sure, first digit is a alpha char [a-f]
             $sTokenName[0] = dechex(10 + (hexdec($sTokenName[0]) % 5));
             // loop as long the generated TokenName already exists in list
             while (isset($this->aTokens[$sTokenName])) {
                 $sTokenName = sprintf('%16x', hexdec($sTokenName)+1);
                 // split TokenName into 4 words
                 $aWords = str_split($sTokenName, 4);
                 // get lowest word and increment it
                 $iWord = hexdec($aWords[3]) + 1;
                 // reformat integer into a 4 digit hex string
                 $aWords[3] = sprintf('%04x', ($iWord > 0xffff ? 1 : $iWord));
                 // rebuild the TokenName
                 $sTokenName = implode('', $aWords);
+            }
             // store Token in list
             $this->aTokens[$sTokenName] = array(
                 'value'    => $sValue,
                 'expire'   => $this->iExpireTime,

Also available in: Unified diff