From f51ee90c66527fd7ff634f3e8d414cb670da068d Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Tue, 26 Apr 2016 11:07:44 +0200
Subject: bug #470, use a dedicated lib to generate random bytes

---
 include/functions_session.inc.php | 37 +++++++++++--------------------------
 1 file changed, 11 insertions(+), 26 deletions(-)

(limited to 'include/functions_session.inc.php')

diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index fe43bc570..0829bcfda 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -62,32 +62,17 @@ if (isset($conf['session_save_handler'])
  */
 function generate_key($size)
 {
-  if (
-    is_callable('openssl_random_pseudo_bytes')
-    and !(version_compare(PHP_VERSION, '5.3.4') < 0 and defined('PHP_WINDOWS_VERSION_MAJOR'))
-    )
-  {
-    return substr(
-      str_replace(
-        array('+', '/'),
-        '',
-        base64_encode(openssl_random_pseudo_bytes($size+10))
-        ),
-      0,
-      $size
-      );
-  }
-  else
-  {
-    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
-    $l = strlen($alphabet)-1;
-    $key = '';
-    for ($i=0; $i<$size; $i++)
-    {
-      $key.= $alphabet[mt_rand(0, $l)];
-    }
-    return $key;
-  }
+  include_once(PHPWG_ROOT_PATH.'include/random_compat/random.php');
+
+  return substr(
+    str_replace(
+      array('+', '/'),
+      '',
+      base64_encode(random_bytes($size+10))
+      ),
+    0,
+    $size
+    );
 }
 
 /**
-- 
cgit v1.2.3