authorplegall <plg@piwigo.org>2014-06-03 08:07:32 +0000
committerplegall <plg@piwigo.org>2014-06-03 08:07:32 +0000
commit8464fbbc172dd50bb41c81ace54bd3b4ac57b794 (patch)
tree89ba57a493017f1355362561b92d8aec2135c32d
parent4c1066c8f6dd05ca589ae89d48c54c95fdf7a2f7 (diff)
bug 3082: increase generate_key randomness with openssl_random_pseudo_bytes (with fallback on mt_rand for Windows+PHP<5.3.4)
git-svn-id: http://piwigo.org/svn/trunk@28615 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--include/functions_session.inc.php33
1 files changed, 25 insertions, 8 deletions
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index b3a79acec..aaa07fd07 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -58,19 +58,36 @@ if (isset($conf['session_save_handler'])
* Characters used are a-z A-Z and numerical values.
*
* @param int $size
- * @param string $alphabet chars to use in the key,
- * default is all digits and all letters uppercase and lowercase
* @return string
*/
-function generate_key($size, $alphabet='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')
+function generate_key($size)
{
- $l = strlen($alphabet)-1;
- $key = '';
- for ($i=0; $i<$size; $i++)
+ if (
+ is_callable('openssl_random_pseudo_bytes')
+ and !(version_compare(PHP_VERSION, '5.3.4') < 0 and defined('PHP_WINDOWS_VERSION_MAJOR'))
+ )
{
- $key.= $alphabet[mt_rand(0, $l)];
+ return substr(
+ str_replace(
+ array('+', '/'),
+ '',
+ base64_encode(openssl_random_pseudo_bytes($size))
+ ),
+ 0,
+ $size
+ );
+ }
+ else
+ {
+ $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+ $l = strlen($alphabet)-1;
+ $key = '';
+ for ($i=0; $i<$size; $i++)
+ {
+ $key.= $alphabet[mt_rand(0, $l)];
+ }
+ return $key;
}
- return $key;
}
/**
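Review bot: The OpenSSL branch never checks what `openssl_random_pseudo_bytes($size)` returns: on failure it yields `false`, `base64_encode(false)` is an empty string, and generate_key() silently returns an empty key. The result can also be shorter than `$size` or contain `=`, because `+` and `/` are stripped after encoding while base64 padding is kept, which contradicts the docblock's "a-z A-Z and numerical values"; this is unlikely for long keys but possible. I would pass the second `$crypto_strong` argument, strip `=` as well, and draw again until `$size` characters are available, letting the mt_rand loop run only when OpenSSL is missing or fails. Since mt_rand is predictable, that fallback deserves a comment or a logged warning if callers use this key as a secret token, which cannot be confirmed from this hunk.

```php
function generate_key($size)
{
  // … unchanged: is_callable() / PHP version / Windows condition …
  {
    $key = '';
    // Dropping '+', '/' and '=' can leave fewer than $size characters, so keep
    // drawing; the attempt cap avoids spinning if OpenSSL keeps failing.
    for ($attempt = 0; strlen($key) < $size and $attempt < 8; $attempt++)
    {
      $bytes = openssl_random_pseudo_bytes($size, $strong);
      if ($bytes === false or !$strong)
      {
        break;
      }
      $key.= str_replace(array('+', '/', '='), '', base64_encode($bytes));
    }
    if (strlen($key) >= $size)
    {
      return substr($key, 0, $size);
    }
  }
  // … unchanged: mt_rand alphabet loop, moved out of the else so it also covers an OpenSSL failure …
```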