diff --git a/app/Handlers/Events/UserEventHandler.php b/app/Handlers/Events/UserEventHandler.php
index 91964dd90d..964d0b11e1 100644
--- a/app/Handlers/Events/UserEventHandler.php
+++ b/app/Handlers/Events/UserEventHandler.php
@@ -165,7 +165,8 @@ class UserEventHandler
 $user = $event->user;
 $ipAddress = $event->ipAddress;
 $token = app('preferences')->getForUser($user, 'email_change_undo_token', 'invalid');
- $uri = route('profile.undo-email-change', [$token->data, hash('sha256', $oldEmail)]);
+ $hashed = hash('sha256', sprintf('%s%s', (string) config('app.key'), $oldEmail));
+ $uri = route('profile.undo-email-change', [$token->data,$hashed]);
 try {
 Mail::to($oldEmail)->send(new UndoEmailChangeMail($newEmail, $oldEmail, $uri, $ipAddress));
 // @codeCoverageIgnoreStart
diff --git a/app/Http/Controllers/JavascriptController.php b/app/Http/Controllers/JavascriptController.php
index 240c78a98d..5bd6bc9874 100644
--- a/app/Http/Controllers/JavascriptController.php
+++ b/app/Http/Controllers/JavascriptController.php
@@ -126,7 +126,7 @@ class JavascriptController extends Controller
 /** @noinspection NullPointerExceptionInspection */
 $lang = $pref->data;
 $dateRange = $this->getDateRangeConfig();
- $uid = substr(hash('sha256', auth()->user()->id . auth()->user()->email), 0, 12);
+ $uid = substr(hash('sha256', sprintf('%s-%s-%s', (string) config('app.key'), auth()->user()->id, auth()->user()->email)), 0, 12);
 $data = [
 'currencyCode' => $currency->code,
diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index 32da7e878c..9c84f76e5a 100644
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
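Review bot: The keyed digest built for the undo link, `hash('sha256', sprintf('%s%s', (string) config('app.key'), $oldEmail))`, is a secret-prefix hash rather than a MAC; `hash_hmac('sha256', $oldEmail, (string) config('app.key'))` is the standard keyed construction and does not inherit the length-extension property of plain SHA-256. The `(string)` cast also turns a missing `app.key` into an empty string, so the digest would silently become unkeyed again; rejecting an empty key before hashing would be safer. The same pattern is used for `$uid` in the JavascriptController hunk and in the ProfileController hunk that verifies this link, and the generating and verifying sides have to change together. The enclosing method starts and ends outside the hunk.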
@@ -555,7 +555,7 @@ class ProfileController extends Controller
 /** @var string $match */
 $match = null;
 foreach ($set as $entry) {
- $hashed = hash('sha256', $entry->data);
+ $hashed = hash('sha256', sprintf('%s%s', (string) config('app.key'), $entry->data));
 if ($hashed === $hash) {
 $match = $entry->data;
 break;
diff --git a/app/Repositories/ImportJob/ImportJobRepository.php b/app/Repositories/ImportJob/ImportJobRepository.php
index b8ae64da08..58b7547589 100644
--- a/app/Repositories/ImportJob/ImportJobRepository.php
+++ b/app/Repositories/ImportJob/ImportJobRepository.php
@@ -384,7 +384,7 @@ class ImportJobRepository implements ImportJobRepositoryInterface
 $attachment = new Attachment; // create Attachment object.
 $attachment->user()->associate($job->user);
 $attachment->attachable()->associate($job);
- $attachment->md5 = md5($content);
+ $attachment->md5 = substr(hash('sha256', $content), 0, 32); // limit due to DB.
 $attachment->filename = $name;
 $attachment->mime = 'plain/txt';
 $attachment->size = strlen($content);
diff --git a/app/Services/Password/PwndVerifierV2.php b/app/Services/Password/PwndVerifierV2.php
index f1281b96ae..18c300e572 100644
--- a/app/Services/Password/PwndVerifierV2.php
+++ b/app/Services/Password/PwndVerifierV2.php
@@ -58,8 +58,11 @@ class PwndVerifierV2 implements Verifier
 $rest = substr($hash, 5);
 $uri = sprintf('https://api.pwnedpasswords.com/range/%s', $prefix);
 $opt = [
- 'headers' => ['User-Agent' => 'Firefly III v' . config('firefly.version')],
- 'timeout' => 5];
+ 'headers' => [
+ 'User-Agent' => 'Firefly III v' . config('firefly.version'),
+ 'Add-Padding' => 'true',
+ ],
+ 'timeout' => 3.1415];
 Log::debug(sprintf('hash prefix is %s', $prefix));
 Log::debug(sprintf('rest is %s', $rest));
@@ -87,7 +90,7 @@ class PwndVerifierV2 implements Verifier
 return true;
 }
- Log::debug(sprintf('Could not find %s, return FALSE.', $rest));
+ Log::debug(sprintf('Found %s, return FALSE.', $rest));
 return false;
 }
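Review bot: The check `if ($hashed === $hash)` on the context line after the change is not a constant-time comparison, and `$hash` appears to be the value taken from the undo link (the UserEventHandler hunk places the digest in the `profile.undo-email-change` route). Now that the digest depends on `app.key`, `if (hash_equals($hashed, (string) $hash))` is the usual way to compare it. Undo links mailed before this commit carry the unkeyed digest and will no longer match, which may deserve a changelog line. The loop and its enclosing method start and end outside the hunk.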
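Review bot: `$attachment->md5` now stores the first 32 hex characters of a SHA-256 digest, so the field name no longer describes its content, and rows written before this commit still hold real MD5 values. The trailing comment `// limit due to DB.` would be clearer as `// first 32 hex chars of SHA-256; the md5 column is 32 chars wide on existing installs`. If any code compares uploads against this column (not visible here), it would be comparing digests from two different algorithms. The enclosing method starts and ends outside the hunk.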
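Review bot: With `'Add-Padding' => 'true'` the range response also contains padding rows, which the Pwned Passwords API marks with a count of 0; the code that searches the response is outside this hunk, so it should be confirmed that it reads `SUFFIX:COUNT` lines and ignores zero-count rows rather than matching on the raw body. The timeout literal `3.1415` reads as a joke constant; a named constant, or a comment giving the unit and the reason it dropped from 5, would help. What the verifier returns when the request times out is not visible here, and that decides whether a slow API means the check is skipped.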
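Review bot: The corrected message still writes `$rest` to the debug log, and the context lines of the previous hunk log `$prefix` too, so the two entries together give the complete hash used for the range lookup, presumably the SHA-1 of the user's password. According to the new message, this branch is the one where the suffix was found in the breach data, which makes that value especially sensitive in a log file. Logging the outcome without the value is enough: `Log::debug('Hash suffix found in range response, return FALSE.');`. The enclosing method starts outside the hunk.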
diff --git a/app/Support/CacheProperties.php b/app/Support/CacheProperties.php
index 4ae5edef1b..7472bc91c9 100644
--- a/app/Support/CacheProperties.php
+++ b/app/Support/CacheProperties.php
@@ -101,8 +101,8 @@ class CacheProperties
 {
 $content = '';
 foreach ($this->properties as $property) {
- $content .= json_encode($property);
+ $content .= json_encode($property, JSON_THROW_ON_ERROR, 512);
 }
- $this->hash = substr(sha1($content), 0, 16);
+ $this->hash = substr(hash('sha256', $content), 0, 16);
 }
 }
diff --git a/app/Support/Preferences.php b/app/Support/Preferences.php
index f3d017b64d..42b231ba4b 100644
--- a/app/Support/Preferences.php
+++ b/app/Support/Preferences.php
@@ -26,7 +26,6 @@ use Cache;
 use Exception;
 use FireflyIII\Models\Preference;
 use FireflyIII\User;
-use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Support\Collection;
 use Log;
 use Session;
@@ -200,7 +199,7 @@ class Preferences
 $lastActivity = implode(',', $lastActivity);
 }
- return md5($lastActivity);
+ return hash('sha256', $lastActivity);
 }
 /**
diff --git a/database/migrations/2016_06_16_000002_create_main_tables.php b/database/migrations/2016_06_16_000002_create_main_tables.php
index d4532a4871..0ca75aaf55 100644
--- a/database/migrations/2016_06_16_000002_create_main_tables.php
+++ b/database/migrations/2016_06_16_000002_create_main_tables.php
@@ -133,7 +133,7 @@ class CreateMainTables extends Migration
 $table->integer('user_id', false, true);
 $table->integer('attachable_id', false, true);
 $table->string('attachable_type', 255);
- $table->string('md5', 32);
+ $table->string('md5', 128);
 $table->string('filename', 1024);
 $table->string('title', 1024)->nullable();
 $table->text('description')->nullable();
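Review bot: `JSON_THROW_ON_ERROR` changes how this method fails: a property that cannot be encoded (for example a string that is not valid UTF-8) previously contributed an empty string to `$content`, and now a `JsonException` leaves the method. Nothing in the hunk catches it and the docblock is outside the hunk, so I would add `@throws \JsonException` there and check that callers building cache keys can cope with it. The key is still cut to 16 hex characters, so moving from `sha1` to `sha256` leaves its 64-bit collision margin unchanged. The method's signature is outside the hunk.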
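Review bot: Widening `md5` to 128 characters inside `2016_06_16_000002_create_main_tables.php` only affects fresh installs; databases where this migration has already run keep the 32-character column, which is presumably why the ImportJobRepository hunk truncates the digest to 32. A new migration that alters the column would bring existing installs in line and allow the full 64-character SHA-256 digest to be stored. As written, the schema differs between old and new installs with no entry in the migrations table recording the difference.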