Use PHP7 random_bytes to generate RSS Token

random_bytes is a PHP 7 function wich has been ported to PHP 5 using paragonie/random_compat

2 files changed, 6 insertions, 12 deletions

diff --git a/composer.json b/composer.json
index 78b32307..d84e1f8b 100644
--- a/composer.json
+++ b/composer.json
@@ -62,7 +62,8 @@
         "wallabag/php-mobi": "~1.0.0",
         "kphoen/rulerz-bundle": "~0.10",
         "guzzlehttp/guzzle": "^5.2.0",
-        "doctrine/doctrine-migrations-bundle": "^1.0"
+        "doctrine/doctrine-migrations-bundle": "^1.0",
+        "paragonie/random_compat": "~1.0"
     },
     "require-dev": {
         "doctrine/doctrine-fixtures-bundle": "~2.2",
diff --git a/src/Wallabag/CoreBundle/Tools/Utils.php b/src/Wallabag/CoreBundle/Tools/Utils.php
index a16baca9..71cbc490 100644
--- a/src/Wallabag/CoreBundle/Tools/Utils.php
+++ b/src/Wallabag/CoreBundle/Tools/Utils.php
@@ -7,20 +7,13 @@ class Utils
     /**
      * Generate a token used for RSS.
      *
+     * @param integer $length Length of the token
+     *
      * @return string
      */
-    public static function generateToken()
+    public static function generateToken($length = 15)
     {
-        if (ini_get('open_basedir') === '') {
-            if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
-                // alternative to /dev/urandom for Windows
-                $token = substr(base64_encode(uniqid(mt_rand(), true)), 0, 20);
-            } else {
-                $token = substr(base64_encode(file_get_contents('/dev/urandom', false, null, 0, 20)), 0, 15);
-            }
-        } else {
-            $token = substr(base64_encode(uniqid(mt_rand(), true)), 0, 20);
-        }
+        $token = substr(base64_encode(random_bytes($length)), 0, $length);
 
         // remove character which can broken the url
         return str_replace(array('+', '/'), '', $token);