feat(session): add validation for minimum length in secret_key

eapl.mx 2024-12-24 14:35:52 -06:00
parent 1769eeb831
commit 57737e8cd4
No known key found for this signature in database
2 changed files with 8 additions and 4 deletions


@ -9,6 +9,10 @@ if (!empty($missing_keys)) {
die('Missing required keys in config.ini: ' . implode(', ', $missing_keys));
}
if (strlen($config['secret_key']) < 32) {
die('Secret key in config.ini must be at least 32 characters long');
}
const COOKIE_NAME = 'timeline_login';
const ENCRYPTION_METHOD = 'aes-256-cbc';
const EXPIRATION_DAYS = 30;
@ -113,7 +117,7 @@ function saveLogin() {
function isSavedCookieValid() {
$cookieExpiry = getCookieData();
if ($cookieExpiry === false) {
deletePersistentCookie();
return false;
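Review bot: The length check added in the first hunk still accepts the sample key that shipped in config.ini until this commit, because `553GkZzIYZKx5z0lftt4yKDG4aKb4sAG` is exactly 32 characters; an install that never replaced it passes validation with a publicly known cookie key. I would reject that value explicitly next to the new check, e.g. `if ($config['secret_key'] === '553GkZzIYZKx5z0lftt4yKDG4aKb4sAG') { die('Replace the sample secret_key in config.ini'); }`, and mention the rotation in the upgrade notes. Note also that `strlen()` measures bytes rather than randomness, so a long but guessable phrase passes; a comment such as `// length only: the key must still come from a CSPRNG` above the check would make that limit clear. The changed line of `isSavedCookieValid()` in the second hunk is not distinguishable in this view, and the function body continues outside it.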


@ -42,9 +42,9 @@ webmentions_txt_path = "./mentions.txt"
public_webmentions = "https://example.com/timeline/mentions.txt"
[security]
; Secret key to encrypt cookies
; Create a new one here: https://randomkeygen.com
secret_key = "553GkZzIYZKx5z0lftt4yKDG4aKb4sAG"
; Secret key to encrypt cookies of at least 256-bit (32 characters)
; Create one here: https://randomkeygen.com (CodeIgniter Encryption Keys)
secret_key = ""
; Simple password
password = "change_me"
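Review bot: The new comment equates 32 characters with 256 bits, but 32 characters drawn from letters and digits carry roughly 190 bits, and it sends users to a third-party website to obtain a secret that should never leave the host. I would reword it to `; Secret key to encrypt cookies: at least 32 characters, generated locally` and suggest a local command such as `php -r 'echo bin2hex(random_bytes(32));'`, which yields 64 hex characters from 256 random bits. The neighbouring `password = "change_me"` default is untouched by this commit and, as far as the visible PHP hunk shows, is not rejected at startup, so it may deserve a similar check.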