From 813d5f01dda22bf5bdacac3b1e4730581e6005ed Mon Sep 17 00:00:00 2001
From: Matt Pass
Date: Sun, 7 Jul 2013 15:29:37 +0100
Subject: [PATCH] Increase salt length to 12, handle line breaks

Increase salt from 9 to 12 chars to move along with technology
Replace all backslashes with 2. This means we escape PHP and then JS to ensure we will maintain \n instead of ending up with a line break
---
 lib/settings.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/settings.php b/lib/settings.php
index 0a4beed..758ec64 100644
--- a/lib/settings.php
+++ b/lib/settings.php
@@ -40,7 +40,7 @@ if (get_magic_quotes_gpc ()) {
 }
 // Function to handle salted hashing
-define('SALT_LENGTH',9);
+define('SALT_LENGTH',12);
 function generateHash($plainText,$salt=null) {
 if ($salt === null) {
 $salt = substr(md5(uniqid(rand(), true)),0,SALT_LENGTH);
@@ -135,7 +135,7 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
 $ICEcoder["bannedFiles"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['bannedFiles']))).'")';
 $ICEcoder["bannedPaths"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['bannedPaths']))).'")';
 $ICEcoder["allowedIPs"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['allowedIPs']))).'")';
-$ICEcoder["plugins"] = 'array('.PHP_EOL.' array('.PHP_EOL.' '.str_replace('====================','),'.PHP_EOL.' array(',$_POST['plugins']).'))';
+$ICEcoder["plugins"] = 'array('.PHP_EOL.' array('.PHP_EOL.' '.str_replace('====================','),'.PHP_EOL.' array(',str_replace("\\","\\\\",$_POST['plugins'])).'))';
 $ICEcoder["theme"] = strClean($_POST['theme']);
 $ICEcoder["fontSize"] = strClean($_POST['fontSize']);
 $ICEcoder["lineWrapping"] = strClean($_POST['lineWrapping']);
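Review bot: The longer salt is still drawn from `md5(uniqid(rand(), true))` on the line after the changed `define`, and neither `rand()` nor `uniqid()` (a microsecond timestamp) is a cryptographic generator, so the three extra characters add length but little unpredictability. Using a secure source would make the bump meaningful, e.g. `$salt = substr(bin2hex(openssl_random_pseudo_bytes(SALT_LENGTH)), 0, SALT_LENGTH);`, which is available from PHP 5.3. If stored hashes embed the salt and the verification path splits it off by `SALT_LENGTH`, hashes created with a 9-character salt would presumably stop verifying after this change — worth confirming, since generateHash's body and its callers continue outside the hunk.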
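Review bot: The `plugins` value is the only `$_POST` field in this hunk that bypasses `strClean`, and doubling backslashes is the sole transformation applied before the text is spliced into generated PHP source (`array(` … `))`), so an unbalanced quote or parenthesis in the submitted text still alters the structure of the written settings file rather than being stored as data. The doubling itself matches the stated goal (`"\\"` → `"\\\\"` keeps a literal `\n` instead of a newline) but it is not a general escaping step for PHP string literals. Because this field is free-form text meant to become nested `array(...)` literals, a safer shape is to parse the submission into a PHP array first and emit it with `var_export($plugins, true)`, which quotes and escapes every element; a minimal alternative is to validate the text against the expected plugin-definition format before this line and reject anything else. The enclosing `if (!$demoMode && isset($_SESSION['loggedIn']) ...)` block begins and ends outside the hunk.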