diff options
author | Jeremy Benoist <jeremy.benoist@gmail.com> | 2016-01-21 16:35:41 +0100 |
---|---|---|
committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2016-01-21 16:35:41 +0100 |
commit | 7a0e6970b447b270c09e16fc7ee4098f736a7a12 (patch) | |
tree | ffc816de279e9f65fd280aa381c091d769b95d4c /src | |
parent | 9aa66d6244935fe86a5598fbdbe518cf6204af2e (diff) | |
download | wallabag-7a0e6970b447b270c09e16fc7ee4098f736a7a12.tar.gz wallabag-7a0e6970b447b270c09e16fc7ee4098f736a7a12.tar.zst wallabag-7a0e6970b447b270c09e16fc7ee4098f736a7a12.zip |
Use PHP7 random_bytes to generate RSS Token
random_bytes is a PHP 7 function wich has been ported to PHP 5 using paragonie/random_compat
Diffstat (limited to 'src')
-rw-r--r-- | src/Wallabag/CoreBundle/Tools/Utils.php | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/src/Wallabag/CoreBundle/Tools/Utils.php b/src/Wallabag/CoreBundle/Tools/Utils.php index a16baca9..71cbc490 100644 --- a/src/Wallabag/CoreBundle/Tools/Utils.php +++ b/src/Wallabag/CoreBundle/Tools/Utils.php | |||
@@ -7,20 +7,13 @@ class Utils | |||
7 | /** | 7 | /** |
8 | * Generate a token used for RSS. | 8 | * Generate a token used for RSS. |
9 | * | 9 | * |
10 | * @param integer $length Length of the token | ||
11 | * | ||
10 | * @return string | 12 | * @return string |
11 | */ | 13 | */ |
12 | public static function generateToken() | 14 | public static function generateToken($length = 15) |
13 | { | 15 | { |
14 | if (ini_get('open_basedir') === '') { | 16 | $token = substr(base64_encode(random_bytes($length)), 0, $length); |
15 | if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { | ||
16 | // alternative to /dev/urandom for Windows | ||
17 | $token = substr(base64_encode(uniqid(mt_rand(), true)), 0, 20); | ||
18 | } else { | ||
19 | $token = substr(base64_encode(file_get_contents('/dev/urandom', false, null, 0, 20)), 0, 15); | ||
20 | } | ||
21 | } else { | ||
22 | $token = substr(base64_encode(uniqid(mt_rand(), true)), 0, 20); | ||
23 | } | ||
24 | 17 | ||
25 | // remove character which can broken the url | 18 | // remove character which can broken the url |
26 | return str_replace(array('+', '/'), '', $token); | 19 | return str_replace(array('+', '/'), '', $token); |