AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use PHP7 function random_bytes() to generate tokens if available

Browse Source
This commit is contained in:
Frederic Guillot
2015-11-15 16:31:26 -05:00
parent 5dc7a242bc
commit 4358708f1b
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/Core/Security/Token.php
View File

@@ -21,8 +21,10 @@ class Token extends Base
*/
public static function getToken()
{
if (function_exists('openssl_random_pseudo_bytes')) {
return bin2hex(\openssl_random_pseudo_bytes(30));
if (function_exists('random_bytes')) {
return bin2hex(random_bytes(30));
} elseif (function_exists('openssl_random_pseudo_bytes')) {
return bin2hex(openssl_random_pseudo_bytes(30));
} elseif (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30));
}