}
/**
- * Create a security hash from the job, email and contact ids.
+ * Create a unique-ish string to stare in the hash table.
*
- * @param array $params
+ * This is included in verp emails such that bounces go to a unique
+ * address (e.g. b.123456.456ABC456ABC.my-email-address@example.com). In this case
+ * b is the action (bounce), 123456 is the queue_id and the last part is the
+ * random string from this function. Note that the local part of the email
+ * can have a max of 64 characters
+ *
+ * https://issues.civicrm.org/jira/browse/CRM-2574
+ *
+ * The hash combined with the queue id provides a fairly unguessable combo for the emails
+ * (enough that a sysadmin should notice if someone tried to brute force it!)
*
* @return string
* The hash
*/
- public static function hash($params) {
- $jobId = $params['job_id'];
- $emailId = CRM_Utils_Array::value('email_id', $params, '');
- $contactId = $params['contact_id'];
-
- return substr(sha1("{$jobId}:{$emailId}:{$contactId}:" . time()),
- 0, 16
- );
+ public static function hash() {
+ return base64_encode(random_bytes(16));
}
/**
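Review bot: In the new `hash()`, `base64_encode(random_bytes(16))` yields 24 characters from the standard base64 alphabet, so the value can contain `+`, `/` and always ends in `==`. The docblock says this string is embedded in the local part of a VERP bounce address; those characters are legal there but are often mishandled (`+` as a sub-address delimiter, or decoded as a space if the hash also travels in a URL), and the case-sensitive alphabet loses distinctness wherever the address or the hash column is compared case-insensitively. A hex encoding keeps the same 128 bits from the CSPRNG with a safe alphabet: `return bin2hex(random_bytes(16));`. That is 32 characters, so check it against the 64-character local-part budget mentioned in the docblock and against the hash column width, neither of which is visible in this hunk. The docblock typo "stare" should read "store", and callers that still pass `$params` lie outside the hunk and should be checked.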