authorplegall <plg@piwigo.org>2016-05-13 10:25:03 +0200
committerplegall <plg@piwigo.org>2016-05-13 10:25:03 +0200
commitbf81ba031575b8cd1ccc318f5d5a8f8ec7cb5049 (patch)
tree77d9ad2ead636055912ba5c736dc5ba2d30823ea /include/functions_session.inc.php
parenta684afbdc33fc904734ee63152e3040dbdbaa1bd (diff)
fixes #479, fallback on srand.php to generate random bytes
when random_compat does not find a suitable random generator. srand.php comes from https://github.com/GeorgeArgyros/Secure-random-bytes-in-PHP
Diffstat (limited to 'include/functions_session.inc.php')
-rw-r--r--include/functions_session.inc.php12
1 files changed, 11 insertions, 1 deletions
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 0829bcfda..e75f22e12 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -64,11 +64,21 @@ function generate_key($size)
{
include_once(PHPWG_ROOT_PATH.'include/random_compat/random.php');
+ try
+ {
+ $bytes = random_bytes($size+10);
+ }
+ catch (Exception $ex)
+ {
+ include_once(PHPWG_ROOT_PATH.'include/srand.php');
+ $bytes = secure_random_bytes($size+10);
+ }
+
return substr(
str_replace(
array('+', '/'),
'',
- base64_encode(random_bytes($size+10))
+ base64_encode($bytes)
),
0,
$size
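Review bot: The `catch` branch passes the result of `secure_random_bytes($size+10)` straight to `base64_encode()` without checking it, so a failed or short read from the fallback would make `generate_key()` return a short or empty key with no error. srand.php is not visible in this hunk, so its failure behaviour should be confirmed, but a guard after the try/catch makes the function fail closed either way: `if (!is_string($bytes) || strlen($bytes) < $size+10) { throw new Exception('generate_key: no secure random source'); }`. The downgrade is also silent, so a `trigger_error('random_bytes() unavailable, using srand.php fallback', E_USER_WARNING);` in the catch block would let an administrator see that the host lacks a system CSPRNG. A short comment above the catch should say that it is only meant for the "no suitable generator" case from random_compat. The end of `generate_key()` (closing `);` and brace) lies outside the hunk.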