From a8d21805f5b0535805c62e22d83b0d84a996fd05 Mon Sep 17 00:00:00 2001
From: Alexander Makarov <sam@rmcreative.ru>
Date: Mon, 16 Sep 2013 01:49:54 +0400
Subject: [PATCH] Security::generateRandomKey enhancements:

- Equals sign is now replaced with dot.
- Slash is now replaced with dash.
- Better phpdoc.
---
 framework/yii/helpers/SecurityBase.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/framework/yii/helpers/SecurityBase.php b/framework/yii/helpers/SecurityBase.php
index 1cd9403..0ecad0f 100644
--- a/framework/yii/helpers/SecurityBase.php
+++ b/framework/yii/helpers/SecurityBase.php
@@ -133,19 +133,19 @@ class SecurityBase
 	}
 
 	/**
-	 * Generates a random key.
+	 * Generates a random key. The key may contain uppercase and lowercase latin letters, digits, underscore, dash and dot.
 	 * @param integer $length the length of the key that should be generated
 	 * @return string the generated random key
 	 */
 	public static function generateRandomKey($length = 32)
 	{
 		if (function_exists('openssl_random_pseudo_bytes')) {
-			$key = strtr(base64_encode(openssl_random_pseudo_bytes($length, $strong)), array('+' => '_', '/' => '~'));
+			$key = strtr(base64_encode(openssl_random_pseudo_bytes($length, $strong)), array('+' => '_', '/' => '-', '=' => '.'));
 			if ($strong) {
 				return substr($key, 0, $length);
 			}
 		}
-		$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_~';
+		$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-.';
 		return substr(str_shuffle(str_repeat($chars, 5)), 0, $length);
 	}