From 984933e5866c280eee34a8c2e16b0edcc94ac4d0 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Fri, 14 Jul 2017 14:03:25 +0200
Subject: [PATCH] Only use readable chars in Share Tokens

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 apps/dav/lib/CalDAV/CalDavBackend.php        | 2 +-
 apps/sharebymail/lib/ShareByMailProvider.php | 3 +--
 lib/private/Share/Share.php                  | 3 +--
 lib/private/Share20/Manager.php              | 8 ++------
 4 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/apps/dav/lib/CalDAV/CalDavBackend.php b/apps/dav/lib/CalDAV/CalDavBackend.php
index 7fe18cd8656..0193d3c2aae 100644
--- a/apps/dav/lib/CalDAV/CalDavBackend.php
+++ b/apps/dav/lib/CalDAV/CalDavBackend.php
@@ -1925,7 +1925,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
 	public function setPublishStatus($value, $calendar) {
 		$query = $this->db->getQueryBuilder();
 		if ($value) {
-			$publicUri = $this->random->generate(16, ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS);
+			$publicUri = $this->random->generate(16, ISecureRandom::CHAR_HUMAN_READABLE);
 			$query->insert('dav_shares')
 				->values([
 					'principaluri' => $query->createNamedParameter($calendar->getPrincipalURI()),
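Review bot: The length `16` on the new `generate()` line is a bare literal, while the other call sites in this patch take their length from `self::TOKEN_LENGTH` or `\OC\Share\Constants::TOKEN_LENGTH`. Judging by its name and the `dav_shares` insert, `$publicUri` is the unguessable part of a published-calendar link, so its length and alphabet together set the guessing cost. I would name the length in a class constant and add a comment above the call such as `// publicUri acts as a bearer secret for the published calendar; length and alphabet define its guessing cost`. The alphabet also moves from upper-case plus digits to a set that presumably contains lower-case letters, so it is worth confirming that every lookup of this value compares case-sensitively. `setPublishStatus` continues past the end of the hunk.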
diff --git a/apps/sharebymail/lib/ShareByMailProvider.php b/apps/sharebymail/lib/ShareByMailProvider.php
index f4db83ea3cf..a17c34da5db 100644
--- a/apps/sharebymail/lib/ShareByMailProvider.php
+++ b/apps/sharebymail/lib/ShareByMailProvider.php
@@ -541,8 +541,7 @@ class ShareByMailProvider implements IShareProvider {
 	 * @return string
 	 */
 	protected function generateToken($size = 15) {
-		$token = $this->secureRandom->generate(
-			$size, ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
+		$token = $this->secureRandom->generate($size, ISecureRandom::CHAR_HUMAN_READABLE);
 		return $token;
 	}
 
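Review bot: Replacing the lower+upper+digits alphabet with `ISecureRandom::CHAR_HUMAN_READABLE` in `generateToken()` shrinks the symbol set while `$size` keeps its default of 15, so each token carries somewhat less entropy than before. The same holds for the `generate()` calls in `lib/private/Share/Share.php` and in both hunks of `lib/private/Share20/Manager.php`, where `TOKEN_LENGTH` is also left unchanged. The constant's value is not shown in this patch, so the loss is probably small, but the token appears to be the only credential on a share link and the trade-off should be recorded: extend the docblock (it starts above the hunk) with a line like `Tokens use the look-alike-free alphabet; raise $size if more entropy per token is required`, and confirm that token lookups are throttled. Separately, the `$token` temporary is now redundant and the body can be `return $this->secureRandom->generate($size, ISecureRandom::CHAR_HUMAN_READABLE);`.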
diff --git a/lib/private/Share/Share.php b/lib/private/Share/Share.php
index dc96d856ba6..8938c6f3066 100644
--- a/lib/private/Share/Share.php
+++ b/lib/private/Share/Share.php
@@ -913,8 +913,7 @@ class Share extends Constants {
 					$token = $oldToken;
 				} else {
 					$token = \OC::$server->getSecureRandom()->generate(self::TOKEN_LENGTH,
-						\OCP\Security\ISecureRandom::CHAR_LOWER.\OCP\Security\ISecureRandom::CHAR_UPPER.
-						\OCP\Security\ISecureRandom::CHAR_DIGITS
+						\OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
 					);
 				}
 				$result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions,
diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
index 7c39733ce2a..03c900d36c6 100644
--- a/lib/private/Share20/Manager.php
+++ b/lib/private/Share20/Manager.php
@@ -581,9 +581,7 @@ class Manager implements IManager {
 			$share->setToken(
 				$this->secureRandom->generate(
 					\OC\Share\Constants::TOKEN_LENGTH,
-					\OCP\Security\ISecureRandom::CHAR_LOWER.
-					\OCP\Security\ISecureRandom::CHAR_UPPER.
-					\OCP\Security\ISecureRandom::CHAR_DIGITS
+					\OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
 				)
 			);
 
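Review bot: The `$share->setToken(...)` call here and the one in the next hunk (at -601) pass identical length and alphabet arguments, and that duplication is why this commit has to make the same edit twice in one file. A private helper (the name is only a suggestion), `private function generateToken() { return $this->secureRandom->generate(\OC\Share\Constants::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE); }`, would keep the token policy in one place. A later change to length or alphabet could then not be applied to one share type and missed on the other. The enclosing method starts and ends outside both hunks.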
@@ -601,9 +599,7 @@ class Manager implements IManager {
 			$share->setToken(
 				$this->secureRandom->generate(
 					\OC\Share\Constants::TOKEN_LENGTH,
-					\OCP\Security\ISecureRandom::CHAR_LOWER.
-					\OCP\Security\ISecureRandom::CHAR_UPPER.
-					\OCP\Security\ISecureRandom::CHAR_DIGITS
+					\OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
 				)
 			);
 		}
-- 
GitLab