Add more random sources

Added support for PHP 7 random_bytes() and the mcrypt package. Re #2567 Picked from 5a61bf5
symphonycms · Jun 16, 2017 · 0b2fdde · 0b2fdde
1 parent b0f9adf
commit 0b2fdde
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/symphony/lib/toolkit/class.xsrf.php b/symphony/lib/toolkit/class.xsrf.php
@@ -72,8 +72,18 @@ public static function generateNonce($length = 30)
             throw new Exception('$length must be greater than 0');
         }
 
+        // Use the new PHP 7 random_bytes call, if available
+        if (function_exists('random_bytes')) {
+            $random = random_bytes($length);
+        }
+
+        // Try mcrypt package, if available
+        else if (function_exists('mcrypt_create_iv')) {
+            $random = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+        }
+
         // Get some random binary data from open ssl, if available
-        if (function_exists('openssl_random_pseudo_bytes')) {
+        else if (function_exists('openssl_random_pseudo_bytes')) {
             $random = openssl_random_pseudo_bytes($length);
         }