deon/lnkohana
Archived
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Kohana v3.3.2

Browse Source
This commit is contained in:
Deon George
2014-09-06 23:43:07 +10:00
parent f96694b18f
commit 8888719653
236 changed files with 1685 additions and 996 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
system/classes/Kohana/Security.php
View File

@@ -48,7 +48,17 @@ class Kohana_Security {
if ($new === TRUE OR ! $token)
{
// Generate a new unique token
$token = sha1(uniqid(NULL, TRUE));
if (function_exists('openssl_random_pseudo_bytes'))
{
// Generate a random pseudo bytes token if openssl_random_pseudo_bytes is available
// This is more secure than uniqid, because uniqid relies on microtime, which is predictable
$token = base64_encode(openssl_random_pseudo_bytes(32));
}
else
{
// Otherwise, fall back to a hashed uniqid
$token = sha1(uniqid(NULL, TRUE));
}
// Store the new token
$session->set(Security::$token_name, $token);
@@ -100,4 +110,4 @@ class Kohana_Security {
return str_replace(array('<?', '?>'), array('&lt;?', '?&gt;'), $str);
}
} // End security
}