php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-11-03 13:58:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fallback at Security::generateRandomKey() removed

Browse Source
This commit is contained in:
Paul Klimov
2014-06-28 19:02:53 +03:00
parent 052ae83340
commit 69abbc7ff3
1 changed files with 2 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
framework/base/Security.php
View File

@ -180,7 +180,7 @@ class Security extends Component
$end = StringHelper::byteSubstr($data, -1, null);
$last = ord($end);
$n = StringHelper::byteLength($data) - $last;
if (StringHelper::byteSubstr($data, $n, null) == str_repeat($end, $last)) {
if (StringHelper::byteSubstr($data, $n, null) === str_repeat($end, $last)) {
return StringHelper::byteSubstr($data, 0, $n);
}
@ -322,11 +322,7 @@ class Security extends Component
*/
public function generateRandomKey($length = 32)
{
if (function_exists('mcrypt_create_iv')) {
return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
}
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-.';
return substr(str_shuffle(str_repeat($chars, 5)), 0, $length);
return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
}
/**