vendor: update github.com/go-macaron/session (#5469)

Fix security flaw reported by c957861129d62331c5704d2f04d11e41.
author: Unknwon <u@gogs.io> 2018-11-06 22:22:02 -0500
committer: Unknwon <u@gogs.io> 2018-11-06 22:22:02 -0500
commit: 4677b469044bc23e98b4cd265495dbffb9be335a (patch)
tree: 3dfd6f45a455aea432b440794100f01a1a9a46f6 /vendor/github.com/go-macaron/session/utils.go
parent: a4dd2b1916079614ad590259a3ac5d18bcc245a4 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/vendor/github.com/go-macaron/session/utils.go b/vendor/github.com/go-macaron/session/utils.go
index 07a1283d..90ca3806 100644
--- a/vendor/github.com/go-macaron/session/utils.go
+++ b/vendor/github.com/go-macaron/session/utils.go
@@ -50,11 +50,14 @@ func DecodeGob(encoded []byte) (out map[interface{}]interface{}, err error) {
 	return out, err
 }
 
+// NOTE: A local copy in case of underlying package change
+var alphanum = []byte("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")
+
 // generateRandomKey creates a random key with the given strength.
 func generateRandomKey(strength int) []byte {
 	k := make([]byte, strength)
 	if n, err := io.ReadFull(rand.Reader, k); n != strength || err != nil {
-		return com.RandomCreateBytes(strength)
+		return com.RandomCreateBytes(strength, alphanum...)
 	}
 	return k
 }
author	Unknwon <u@gogs.io>	2018-11-06 22:22:02 -0500
committer	Unknwon <u@gogs.io>	2018-11-06 22:22:02 -0500
commit	4677b469044bc23e98b4cd265495dbffb9be335a (patch)
tree	3dfd6f45a455aea432b440794100f01a1a9a46f6 /vendor/github.com/go-macaron/session/utils.go
parent	a4dd2b1916079614ad590259a3ac5d18bcc245a4 (diff)