From bf81ba031575b8cd1ccc318f5d5a8f8ec7cb5049 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Fri, 13 May 2016 10:25:03 +0200
Subject: fixes #479, fallback on srand.php to generate random bytes

when random_compat does not find a suitable random generator.

srand.php comes from https://github.com/GeorgeArgyros/Secure-random-bytes-in-PHP
---
 include/functions_session.inc.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'include/functions_session.inc.php')

diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 0829bcfda..e75f22e12 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -64,11 +64,21 @@ function generate_key($size)
 {
   include_once(PHPWG_ROOT_PATH.'include/random_compat/random.php');
 
+  try
+  {
+    $bytes = random_bytes($size+10);
+  }
+  catch (Exception $ex)
+  {
+    include_once(PHPWG_ROOT_PATH.'include/srand.php');
+    $bytes = secure_random_bytes($size+10);
+  }
+
   return substr(
     str_replace(
       array('+', '/'),
       '',
-      base64_encode(random_bytes($size+10))
+      base64_encode($bytes)
       ),
     0,
     $size
-- 
cgit v1.2.3