diff options
author | plegall <plg@piwigo.org> | 2014-06-03 08:07:32 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2014-06-03 08:07:32 +0000 |
commit | 8464fbbc172dd50bb41c81ace54bd3b4ac57b794 (patch) | |
tree | 89ba57a493017f1355362561b92d8aec2135c32d | |
parent | 4c1066c8f6dd05ca589ae89d48c54c95fdf7a2f7 (diff) |
bug 3082: increase generate_key randomness with openssl_random_pseudo_bytes (with fallback on mt_rand for Windows+PHP<5.3.4)
git-svn-id: http://piwigo.org/svn/trunk@28615 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | include/functions_session.inc.php | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index b3a79acec..aaa07fd07 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -58,19 +58,36 @@ if (isset($conf['session_save_handler']) * Characters used are a-z A-Z and numerical values. * * @param int $size - * @param string $alphabet chars to use in the key, - * default is all digits and all letters uppercase and lowercase * @return string */ -function generate_key($size, $alphabet='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') +function generate_key($size) { - $l = strlen($alphabet)-1; - $key = ''; - for ($i=0; $i<$size; $i++) + if ( + is_callable('openssl_random_pseudo_bytes') + and !(version_compare(PHP_VERSION, '5.3.4') < 0 and defined('PHP_WINDOWS_VERSION_MAJOR')) + ) { - $key.= $alphabet[mt_rand(0, $l)]; + return substr( + str_replace( + array('+', '/'), + '', + base64_encode(openssl_random_pseudo_bytes($size)) + ), + 0, + $size + ); + } + else + { + $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; + $l = strlen($alphabet)-1; + $key = ''; + for ($i=0; $i<$size; $i++) + { + $key.= $alphabet[mt_rand(0, $l)]; + } + return $key; } - return $key; } /** |