diff options
| author | Frederic Guillot <fred@kanboard.net> | 2015-11-15 16:31:26 -0500 |
|---|---|---|
| committer | Frederic Guillot <fred@kanboard.net> | 2015-11-15 16:31:26 -0500 |
| commit | 4358708f1b6c4e0463597da857b36c7415ae406f (patch) | |
| tree | 53070a2c14aa4f76eb525ada78d3e5407d282711 | |
| parent | 5dc7a242bc3100b3834722c097d8b241a4fd1e65 (diff) | |
Use PHP7 function random_bytes() to generate tokens if available
| -rw-r--r-- | ChangeLog | 1 | ||||
| -rw-r--r-- | app/Core/Security/Token.php | 6 |
2 files changed, 5 insertions, 2 deletions
@@ -8,6 +8,7 @@ New features: Improvements: * Improve error handling of plugins +* Use PHP7 function random_bytes() to generate tokens if available Internal code refactoring: diff --git a/app/Core/Security/Token.php b/app/Core/Security/Token.php index 2bb66ef2..9fd2d02b 100644 --- a/app/Core/Security/Token.php +++ b/app/Core/Security/Token.php @@ -21,8 +21,10 @@ class Token extends Base */ public static function getToken() { - if (function_exists('openssl_random_pseudo_bytes')) { - return bin2hex(\openssl_random_pseudo_bytes(30)); + if (function_exists('random_bytes')) { + return bin2hex(random_bytes(30)); + } elseif (function_exists('openssl_random_pseudo_bytes')) { + return bin2hex(openssl_random_pseudo_bytes(30)); } elseif (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30)); } |