php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-11-04 22:57:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fallback at Security::generateRandomKey() removed

Browse Source
This commit is contained in:
Paul Klimov
2014-06-28 19:02:53 +03:00
parent 052ae83340
commit 69abbc7ff3
1 changed files with 2 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
framework/base/Security.php
View File

@ -180,7 +180,7 @@ class Security extends Component
$end = StringHelper::byteSubstr($data, -1, null); $end = StringHelper::byteSubstr($data, -1, null);
$last = ord($end); $last = ord($end);
$n = StringHelper::byteLength($data) - $last; $n = StringHelper::byteLength($data) - $last;
if (StringHelper::byteSubstr($data, $n, null) == str_repeat($end, $last)) { if (StringHelper::byteSubstr($data, $n, null) === str_repeat($end, $last)) {
return StringHelper::byteSubstr($data, 0, $n); return StringHelper::byteSubstr($data, 0, $n);
} }
@ -322,12 +322,8 @@ class Security extends Component
*/ */
public function generateRandomKey($length = 32) public function generateRandomKey($length = 32)
{ {
if (function_exists('mcrypt_create_iv')) {
return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
} }
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-.';
return substr(str_shuffle(str_repeat($chars, 5)), 0, $length);
}
/** /**
* Opens the mcrypt module. * Opens the mcrypt module.