Fixes #875: Security::generateRandomKey() can now be safely used in URLs

0284bc4a · Alexander Makarov · 4a9efc9e · 0284bc4a
Commit 0284bc4a authored Sep 15, 2013 by Alexander Makarov
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

SecurityBase.php framework/yii/helpers/SecurityBase.php +2 -2

No files found.
--- a/framework/yii/helpers/SecurityBase.php
+++ b/framework/yii/helpers/SecurityBase.php
@@ -140,12 +140,12 @@ class SecurityBase
 	public static function generateRandomKey($length = 32)
 	{
 		if (function_exists('openssl_random_pseudo_bytes')) {
-			$key = base64_encode(openssl_random_pseudo_bytes($length, $strong));
+			$key = strtr(base64_encode(openssl_random_pseudo_bytes($length, $strong)), array('+' => '_', '/' => '~'));
 			if ($strong) {
 				return substr($key, 0, $length);
 			}
 		}
-		$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+		$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_~';
 		return substr(str_shuffle(str_repeat($chars, 5)), 0, $length);
 	}