Fix secure tripcode hardening

2013-09-23 12:53:44 +10:00 · 2013-09-23 12:53:44 +10:00 · 9cf6814776
commit 9cf6814776
parent 699279d84a
1 changed files with 1 additions and 2 deletions
--- a/inc/functions.php
+++ b/inc/functions.php
@ -1973,14 +1973,13 @@ function generate_tripcode($name) {
 		if (isset($config['custom_tripcode']["##{$trip}"]))
 			$trip = $config['custom_tripcode']["##{$trip}"];
 		else
-			$trip = '!!' . substr(crypt($trip, $salt . $config['secure_trip_salt']), -10);
+			$trip = '!!' . substr(crypt($trip, substr(base64_encode(sha1($trip . $config['secure_trip_salt'], true)), 0, 9)), -10);
 	} else {
 		if (isset($config['custom_tripcode']["#{$trip}"]))
 			$trip = $config['custom_tripcode']["#{$trip}"];
 		else
 			$trip = '!' . substr(crypt($trip, $salt), -10);
 	}
-
 	return array($name, $trip);
 }