Skip to content

Y
yii2
Commit 69abbc7f by Paul Klimov
Options

Fallback at `Security::generateRandomKey()` removed

parent 052ae833
Showing with 2 additions and 6 deletions
framework/base/Security.php
...@@ -180,7 +180,7 @@ class Security extends Component ...@@ -180,7 +180,7 @@ class Security extends Component
$end = StringHelper::byteSubstr($data, -1, null); $end = StringHelper::byteSubstr($data, -1, null);
$last = ord($end); $last = ord($end);
$n = StringHelper::byteLength($data) - $last; $n = StringHelper::byteLength($data) - $last;
if (StringHelper::byteSubstr($data, $n, null) == str_repeat($end, $last)) { if (StringHelper::byteSubstr($data, $n, null) === str_repeat($end, $last)) {
return StringHelper::byteSubstr($data, 0, $n); return StringHelper::byteSubstr($data, 0, $n);
} }
...@@ -322,11 +322,7 @@ class Security extends Component ...@@ -322,11 +322,7 @@ class Security extends Component
*/ */
public function generateRandomKey($length = 32) public function generateRandomKey($length = 32)
{ {
if (function_exists('mcrypt_create_iv')) { return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
}
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-.';
return substr(str_shuffle(str_repeat($chars, 5)), 0, $length);
} }
/** /**
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment