Browse Source

Fixes #875: Security::generateRandomKey() can now be safely used in URLs

tags/2.0.0-beta
Alexander Makarov 11 years ago
parent
commit
0284bc4a45
  1. 4
      framework/yii/helpers/SecurityBase.php

4
framework/yii/helpers/SecurityBase.php

@ -140,12 +140,12 @@ class SecurityBase
public static function generateRandomKey($length = 32) public static function generateRandomKey($length = 32)
{ {
if (function_exists('openssl_random_pseudo_bytes')) { if (function_exists('openssl_random_pseudo_bytes')) {
$key = base64_encode(openssl_random_pseudo_bytes($length, $strong)); $key = strtr(base64_encode(openssl_random_pseudo_bytes($length, $strong)), array('+' => '_', '/' => '~'));
if ($strong) { if ($strong) {
return substr($key, 0, $length); return substr($key, 0, $length);
} }
} }
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_~';
return substr(str_shuffle(str_repeat($chars, 5)), 0, $length); return substr(str_shuffle(str_repeat($chars, 5)), 0, $length);
} }

Loading…
Cancel
Save