From 0284bc4a457a5dedb20ac13eff3034d406826f20 Mon Sep 17 00:00:00 2001
From: Alexander Makarov <sam@rmcreative.ru>
Date: Sun, 15 Sep 2013 16:34:19 +0400
Subject: [PATCH] Fixes #875: Security::generateRandomKey() can now be safely
 used in URLs

---
 framework/yii/helpers/SecurityBase.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/framework/yii/helpers/SecurityBase.php b/framework/yii/helpers/SecurityBase.php
index 541b311..1cd9403 100644
--- a/framework/yii/helpers/SecurityBase.php
+++ b/framework/yii/helpers/SecurityBase.php
@@ -140,12 +140,12 @@ class SecurityBase
 	public static function generateRandomKey($length = 32)
 	{
 		if (function_exists('openssl_random_pseudo_bytes')) {
-			$key = base64_encode(openssl_random_pseudo_bytes($length, $strong));
+			$key = strtr(base64_encode(openssl_random_pseudo_bytes($length, $strong)), array('+' => '_', '/' => '~'));
 			if ($strong) {
 				return substr($key, 0, $length);
 			}
 		}
-		$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+		$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_~';
 		return substr(str_shuffle(str_repeat($chars, 5)), 0, $length);
 	}