From 546a826f348f66965baa19e374669b8e481e1b9b Mon Sep 17 00:00:00 2001 From: Masaki Kagaya Date: Sun, 28 Jun 2015 14:17:04 +0900 Subject: [PATCH] add support for random_bytes and openssl_random_pseudo_bytes --- libs/csrf/csrfprotector.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libs/csrf/csrfprotector.php b/libs/csrf/csrfprotector.php index f610c20..5dda73f 100755 --- a/libs/csrf/csrfprotector.php +++ b/libs/csrf/csrfprotector.php @@ -295,7 +295,11 @@ public static function generateAuthToken() //#todo - if $length > 128 throw exception - if (function_exists("hash_algos") && in_array("sha512", hash_algos())) { + if (function_exists("random_bytes")) { + $token = base64_encode(random_bytes(96)); + } else if (function_exists("openssl_random_pseudo_bytes")) { + $token = base64_encode(openssl_random_pseudo_bytes(96)); + } else if (function_exists("hash_algos") && in_array("sha512", hash_algos())) { $token = hash("sha512", mt_rand(0, mt_getrandmax())); } else { $token = '';