From 4358708f1b6c4e0463597da857b36c7415ae406f Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sun, 15 Nov 2015 16:31:26 -0500
Subject: Use PHP7 function random_bytes() to generate tokens if available

---
 app/Core/Security/Token.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'app/Core')

diff --git a/app/Core/Security/Token.php b/app/Core/Security/Token.php
index 2bb66ef2..9fd2d02b 100644
--- a/app/Core/Security/Token.php
+++ b/app/Core/Security/Token.php
@@ -21,8 +21,10 @@ class Token extends Base
      */
     public static function getToken()
     {
-        if (function_exists('openssl_random_pseudo_bytes')) {
-            return bin2hex(\openssl_random_pseudo_bytes(30));
+        if (function_exists('random_bytes')) {
+            return bin2hex(random_bytes(30));
+        } elseif (function_exists('openssl_random_pseudo_bytes')) {
+            return bin2hex(openssl_random_pseudo_bytes(30));
         } elseif (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
             return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30));
         }
-- 
cgit v1.2.3