From 4677b469044bc23e98b4cd265495dbffb9be335a Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Tue, 6 Nov 2018 22:22:02 -0500
Subject: vendor: update github.com/go-macaron/session (#5469)

Fix security flaw reported by c957861129d62331c5704d2f04d11e41.
---
 vendor/github.com/go-macaron/session/utils.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'vendor/github.com/go-macaron/session/utils.go')

diff --git a/vendor/github.com/go-macaron/session/utils.go b/vendor/github.com/go-macaron/session/utils.go
index 07a1283d..90ca3806 100644
--- a/vendor/github.com/go-macaron/session/utils.go
+++ b/vendor/github.com/go-macaron/session/utils.go
@@ -50,11 +50,14 @@ func DecodeGob(encoded []byte) (out map[interface{}]interface{}, err error) {
 return out, err
 }
 
+// NOTE: A local copy in case of underlying package change
+var alphanum = []byte("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")
+
 // generateRandomKey creates a random key with the given strength.
 func generateRandomKey(strength int) []byte {
 k := make([]byte, strength)
 if n, err := io.ReadFull(rand.Reader, k); n != strength || err != nil {
- return com.RandomCreateBytes(strength)
+ return com.RandomCreateBytes(strength, alphanum...)
 }
 return k
 }
-- 
cgit v1.2.3