Change Security::randomBytes() to fallback to mcrypt_create_iv()

cakephp · Jan 19, 2018 · 5289aae · 5289aae
1 parent d7ed033
commit 5289aae
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/lib/Cake/Utility/Security.php b/lib/Cake/Utility/Security.php
@@ -191,9 +191,12 @@ public static function randomBytes($length) {
 		if (function_exists('openssl_random_pseudo_bytes')) {
 			return openssl_random_pseudo_bytes($length);
 		}
+		if (function_exists('mcrypt_create_iv')) {
+			return mcrypt_create_iv($length);
+		}
 		trigger_error(
 			'You do not have a safe source of random data available. ' .
-			'Install either the openssl extension, or paragonie/random_compat. ' .
+			'Install either the openssl extension, the mcrypt extension, or paragonie/random_compat. ' .
 			'Falling back to an insecure random source.',
 			E_USER_WARNING
 		);