diff options
| author | plegall <plg@piwigo.org> | 2016-04-26 11:07:44 +0200 |
|---|---|---|
| committer | plegall <plg@piwigo.org> | 2016-04-26 11:07:44 +0200 |
| commit | f51ee90c66527fd7ff634f3e8d414cb670da068d (patch) | |
| tree | 2550f0753f14ed594dbf99cb65675fa02b49fe21 /include/functions_session.inc.php | |
| parent | a3c46de7511cb5b66f59375d225b1f0fb66ae988 (diff) | |
bug #470, use a dedicated lib to generate random bytes
Diffstat (limited to 'include/functions_session.inc.php')
| -rw-r--r-- | include/functions_session.inc.php | 21 |
1 files changed, 3 insertions, 18 deletions
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index fe43bc570..0829bcfda 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -62,33 +62,18 @@ if (isset($conf['session_save_handler']) */ function generate_key($size) { - if ( - is_callable('openssl_random_pseudo_bytes') - and !(version_compare(PHP_VERSION, '5.3.4') < 0 and defined('PHP_WINDOWS_VERSION_MAJOR')) - ) - { + include_once(PHPWG_ROOT_PATH.'include/random_compat/random.php'); + return substr( str_replace( array('+', '/'), '', - base64_encode(openssl_random_pseudo_bytes($size+10)) + base64_encode(random_bytes($size+10)) ), 0, $size ); } - else - { - $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; - $l = strlen($alphabet)-1; - $key = ''; - for ($i=0; $i<$size; $i++) - { - $key.= $alphabet[mt_rand(0, $l)]; - } - return $key; - } -} /** * Called by PHP session manager, always return true. |