Thank you for your work, I just have a small suggestion:
The rand_str function using mt_rand isn't cryptographically secure; a motivated attacker could use a known filename to potentially enumerate other files in the folder, which could be bad if sensitive files have been uploaded to a self-hosted server with the assumption that nobody will guess the filenames and view them, even if the folder can't be indexed or searched by a random user.
function rnd_str(int $len) : string
{
    // The character set for the random string (64 symbols)
    $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
    $max_idx = strlen($chars) - 1;
    $out = '';
    // Generate cryptographically secure random bytes
    $random_bytes = random_bytes($len);
    // Map each random byte to a character in the allowed set
    for ($i = 0; $i < $len; ++$i)
    {
        // ord() gets the integer value of the byte
        // The modulo operator maps it to an index within our character set;
        // since 64 divides 256 evenly, this mapping introduces no modulo bias
        $out .= $chars[ord($random_bytes[$i]) % ($max_idx + 1)];
    }
    return $out;
}
I know it's not a huge deal but it's better to be secure by default and let the user configure it however insecurely they want, in my opinion.
Consider using random_bytes() instead of mt_rand() and also increasing:
const MIN_ID_LENGTH = 3;
to at least 10 or more.
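As an added illustration (not the project's code and not part of the issue), the snippet below generalizes the suggestion: an unbiased id generator for any alphabet size, the byte-based variant with rejection sampling for alphabets where 256 % n != 0, and the entropy figures behind raising MIN_ID_LENGTH from 3 to 10. The function names and the 62-character alphabet are assumptions for the example.

```php
<?php
declare(strict_types=1);

// Same 64-symbol alphabet as the issue's snippet.
const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';

// random_int() is uniform over [0, n-1] for any n, so this stays unbiased even
// when the alphabet size does not divide 256 (byte % 64 is only bias-free
// because 64 divides 256).
function secure_id(int $len, string $alphabet = ALPHABET): string
{
    if ($len < 1 || strlen($alphabet) < 2) {
        throw new InvalidArgumentException('need len >= 1 and at least 2 symbols');
    }
    $n = strlen($alphabet);
    $out = '';
    for ($i = 0; $i < $len; ++$i) {
        $out .= $alphabet[random_int(0, $n - 1)];
    }
    return $out;
}

// Byte-based variant keeping the "random_bytes + index" shape of the issue:
// bytes at or above the largest multiple of n below 256 are discarded, so the
// bytes that remain map uniformly onto the alphabet.
function secure_id_from_bytes(int $len, string $alphabet = ALPHABET): string
{
    $n = strlen($alphabet);
    $limit = 256 - (256 % $n);   // n=62 -> 248: bytes 248..255 are rejected
    $out = '';
    while (strlen($out) < $len) {
        // Request exactly the number of characters still missing.
        foreach (str_split(random_bytes($len - strlen($out))) as $byte) {
            $v = ord($byte);
            if ($v < $limit) {
                $out .= $alphabet[$v % $n];
            }
        }
    }
    return $out;
}

// Guesses needed to enumerate all ids of a given length: log2(n^len).
// 64^3 is 18 bits (262,144 ids); 64^10 is 60 bits.
function id_entropy_bits(int $alphabet_size, int $len): float
{
    return $len * log($alphabet_size, 2);
}

printf("%s (%.0f bits)\n", secure_id(3), id_entropy_bits(64, 3));
printf("%s (%.0f bits)\n", secure_id(10), id_entropy_bits(64, 10));
printf("%s (62-symbol alphabet, rejection sampled)\n", secure_id_from_bytes(10, substr(ALPHABET, 0, 62)));
```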