From bf81ba031575b8cd1ccc318f5d5a8f8ec7cb5049 Mon Sep 17 00:00:00 2001
From: plegall
Date: Fri, 13 May 2016 10:25:03 +0200
Subject: fixes #479, fallback on srand.php to generate random bytes when random_compat does not find a suitable random generator. srand.php comes from https://github.com/GeorgeArgyros/Secure-random-bytes-in-PHP
---
 include/functions_session.inc.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
(limited to 'include/functions_session.inc.php')
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 0829bcfda..e75f22e12 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -64,11 +64,21 @@ function generate_key($size)
 {
 include_once(PHPWG_ROOT_PATH.'include/random_compat/random.php');

+ try
+ {
+ $bytes = random_bytes($size+10);
+ }
+ catch (Exception $ex)
+ {
+ include_once(PHPWG_ROOT_PATH.'include/srand.php');
+ $bytes = secure_random_bytes($size+10);
+ }
+
 return substr(
 str_replace(
 array('+', '/'),
 '',
- base64_encode(random_bytes($size+10))
+ base64_encode($bytes)
 ),
 0,
 $size
-- 
cgit v1.2.3
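Review bot: The catch branch uses whatever `secure_random_bytes($size+10)` returns without checking it, so if the fallback yields `false`, an empty string or fewer bytes than requested, `generate_key()` silently returns an empty or short key. Because this function lives in the session include and presumably backs security tokens, the fallback should fail closed: after the try/catch add `if (!is_string($bytes) || strlen($bytes) < $size+10) { trigger_error('generate_key: no usable random source', E_USER_ERROR); }`. The downgrade from the random_compat generator to srand.php is also invisible to the administrator; a `trigger_error(..., E_USER_WARNING)` inside the catch would make a host without a proper random source detectable. srand.php is not part of this diff, so it is worth confirming that its last-resort path never hands back output from a non-cryptographic generator. The body of `generate_key()` continues past the end of the hunk.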