Use PHP7 random_bytes to generate RSS Token

[github/wallabag/wallabag.git] / src / Wallabag / CoreBundle / Tools / Utils.php

diff --git a/src/Wallabag/CoreBundle/Tools/Utils.php b/src/Wallabag/CoreBundle/Tools/Utils.php
index a16baca97e0a09e27e7c35e7ecafdfdf0131416e..71cbc490dd48119a218b1b829f6be4be9c08da57 100644 (file)
--- a/src/Wallabag/CoreBundle/Tools/Utils.php
+++ b/src/Wallabag/CoreBundle/Tools/Utils.php
@@ -7,20 +7,13 @@ class Utils
     /**
      * Generate a token used for RSS.
      *
+     * @param integer $length Length of the token
+     *
      * @return string
      */
-    public static function generateToken()
+    public static function generateToken($length = 15)
     {
-        if (ini_get('open_basedir') === '') {
-            if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
-                // alternative to /dev/urandom for Windows
-                $token = substr(base64_encode(uniqid(mt_rand(), true)), 0, 20);
-            } else {
-                $token = substr(base64_encode(file_get_contents('/dev/urandom', false, null, 0, 20)), 0, 15);
-            }
-        } else {
-            $token = substr(base64_encode(uniqid(mt_rand(), true)), 0, 20);
-        }
+        $token = substr(base64_encode(random_bytes($length)), 0, $length);
 
         // remove character which can broken the url
         return str_replace(array('+', '/'), '', $token);