Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

BUGFIX Using RandomGenerator class in PasswordEncryptor->salt()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114503 467b73ca-7a2a-4603-9d3b-597d59a354a9
  • Loading branch information...
commit 1dddd5252dff5fc5cccd2c9790989207187aac90 1 parent 8b220b9
@chillu chillu authored
Showing with 4 additions and 3 deletions.
  1. +4 −3 security/PasswordEncryptor.php
View
7 security/PasswordEncryptor.php
@@ -81,16 +81,17 @@ static function create_for_algorithm($algorithm) {
/**
* Return a string value stored in the {@link Member->Salt} property.
- * By default uses sha1() and mt_rand();
- *
* Note: Only used when {@link Security::$useSalt} is TRUE.
*
+ * @uses RandomGenerator
+ *
* @param String $password Cleartext password
* @param Member $member (Optional)
* @return String Maximum of 50 characters
*/
function salt($password, $member = null) {
- return substr(sha1(mt_rand()) . time(), 0, 50);
+ $generator = new RandomGenerator();
+ return substr($generator->generateHash('sha1'), 0, 50);
}
/**
Please sign in to comment.
Something went wrong with that request. Please try again.