Skip to content

Y
yii2
Commit 0284bc4a by Alexander Makarov
Options

Fixes #875: Security::generateRandomKey() can now be safely used in URLs

parent 4a9efc9e
Showing with 2 additions and 2 deletions
framework/yii/helpers/SecurityBase.php
...@@ -140,12 +140,12 @@ class SecurityBase ...@@ -140,12 +140,12 @@ class SecurityBase
public static function generateRandomKey($length = 32) public static function generateRandomKey($length = 32)
{ {
if (function_exists('openssl_random_pseudo_bytes')) { if (function_exists('openssl_random_pseudo_bytes')) {
$key = base64_encode(openssl_random_pseudo_bytes($length, $strong)); $key = strtr(base64_encode(openssl_random_pseudo_bytes($length, $strong)), array('+' => '_', '/' => '~'));
if ($strong) { if ($strong) {
return substr($key, 0, $length); return substr($key, 0, $length);
} }
} }
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_~';
return substr(str_shuffle(str_repeat($chars, 5)), 0, $length); return substr(str_shuffle(str_repeat($chars, 5)), 0, $length);
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment