File tree Expand file tree Collapse file tree 4 files changed +23
-6
lines changed
Expand file tree Collapse file tree 4 files changed +23
-6
lines changed Original file line number Diff line number Diff line change @@ -48,6 +48,9 @@ Please report security bugs found in the source code of the bdvs-password-reset
4848[ Report a security vulnerability.] ( https://patchstack.com/database/vdp/bdvs-password-reset )
4949
5050## Change Log
51+ - 0.0.17
52+ - switched to a cryptographically secure function to generate reset codes
53+ - updated compatibility to 6.8.1
5154 - 0.0.16
5255 - updated compatibility to 6.3
5356 - By default users with the administrator role are no longer able to reset their password using this plugin
Original file line number Diff line number Diff line change 66 * Plugin Name: REST API Password Reset with Code
77 * Plugin URI: https://www.bedevious.co.uk/
88 * Description: Allow users to reset their password using a random 4 digit code via the REST API
9- * Version: 0.0.16
9+ * Version: 0.0.17
1010 * Author: Be Devious Web Development
1111 * Author URI: https://www.bedevious.co.uk/
1212 * License: GNU GPLv3
Original file line number Diff line number Diff line change @@ -18,7 +18,7 @@ function bdpwr_generate_4_digit_code() {
1818 */
1919
2020 $ lengthapply_filters ( 'bdpwr_code_length ' , 8 );
21- $ selection_string'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!£$%^&*()_+-={}[]@~\#<>?/| \\' ;
21+ $ selection_string'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!£$%^&*()_+-={}[]@~\#<>?/| \\' ;
2222
2323 /**
2424 *
@@ -27,9 +27,16 @@ function bdpwr_generate_4_digit_code() {
2727 * @param $string str the string to select a code from
2828 */
2929
30- $ selection_stringapply_filters ( 'bdpwr_selection_string ' , $ selection_string
30+ $ selection_stringapply_filters ( 'bdpwr_selection_string ' , $ selection_string
3131
32- return substr ( str_shuffle ( $ selection_string0 , $ length
32+ $ max_indexstrlen ( $ selection_string1 ;
33+ $ code'' ;
34+ for ( $ i0 ; $ i$ length$ i
35+ $ indexrandom_int ( 0 , $ max_index
36+ $ code$ selection_string$ index
37+ }
38+
39+ return $ code
3340}
3441
3542
Original file line number Diff line number Diff line change 33Contributors: dominic_ks, wpamitkumar
44Tags: wp-api, password reset
55Requires at least: 4.6
6- Tested up to: 6.3
6+ Tested up to: 6.8.1
77Requires PHP: 5.4
8- Stable tag: 0.0.16
8+ Stable tag: 0.0.17
99License: GNU GPLv3
1010License URI: https://www.gnu.org/licenses/gpl-3.0
1111
@@ -266,6 +266,9 @@ Please report security bugs found in the source code of the bdvs-password-reset
266266
267267== Upgrade Notice ==
268268
269+ = 0.0.17 =
270+ * switched to a cryptographically secure function to generate reset codes
271+ * updated compatibility to 6.8.1
269272 = 0.0.16 =
270273 * updated compatibility to 6.3
271274 * By default users with the administrator role are no longer able to reset their password using this plugin
@@ -276,6 +279,10 @@ Please report security bugs found in the source code of the bdvs-password-reset
276279 Security enhancements
277280
278281== Changelog ==
282+ = 0.0.17 =
283+ * switched to a cryptographically secure function to generate reset codes
284+ * updated compatibility to 6.5
285+
279286 = 0.0.16 =
280287 * updated compatibility to 6.3
281288 * By default users with the administrator role are no longer able to reset their password using this plugin
You can’t perform that action at this time.
0 commit comments