Skip to content
Permalink
Browse files

Change Security::randomBytes() to fallback to mcrypt_create_iv()

  • Loading branch information...
chinpei215 committed Jan 19, 2018
1 parent d7ed033 commit 5289aae64ed3b2e3029245aad960d9d7cc35d5d5
Showing with 4 additions and 1 deletion.
  1. +4 −1 lib/Cake/Utility/Security.php
@@ -191,9 +191,12 @@ public static function randomBytes($length) {
if (function_exists('openssl_random_pseudo_bytes')) {
return openssl_random_pseudo_bytes($length);
}
if (function_exists('mcrypt_create_iv')) {
return mcrypt_create_iv($length);
}
trigger_error(
'You do not have a safe source of random data available. ' .
'Install either the openssl extension, or paragonie/random_compat. ' .
'Install either the openssl extension, the mcrypt extension, or paragonie/random_compat. ' .
'Falling back to an insecure random source.',
E_USER_WARNING
);

0 comments on commit 5289aae

Please sign in to comment.
You can’t perform that action at this time.