From cc314690f49273b9d64349371c50f33d95cab8d7 Mon Sep 17 00:00:00 2001 From: Kazumasa Kohtaka Date: Thu, 6 Jul 2017 21:28:48 +0900 Subject: [PATCH] Avoid generating an identifer which starts with a number because it may be used as a SAML's ID attribute --- storage/storage.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/storage/storage.go b/storage/storage.go index 8ea5ab2c..893fb100 100644 --- a/storage/storage.go +++ b/storage/storage.go @@ -30,8 +30,8 @@ func NewID() string { if _, err := io.ReadFull(rand.Reader, buff); err != nil { panic(err) } - // Trim padding - return strings.TrimRight(encoding.EncodeToString(buff), "=") + // Avoid the identifier to begin with number and trim padding + return string(buff[0]%26+'a') + strings.TrimRight(encoding.EncodeToString(buff[1:]), "=") } // GCResult returns the number of objects deleted by garbage collection.