Skip to content

Commit

Permalink
Replace uniqid with random_bytes (#14)
Browse files Browse the repository at this point in the history 
* Add paragonie/random_compat to maintain PHP 5.x compatibility
* Update generateNonce to use random_bytes instead of uniqid
  • Loading branch information
@adamlundrigan
adamlundrigan authored and Florian Preusner committed Aug 9, 2019
1 parent 3998dae commit 006f72d
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
3 changes: 2 additions & 1 deletion composer.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,8 @@

"require": {
"php": ">=5.5",
"guzzlehttp/guzzle": ">=6.0"
"guzzlehttp/guzzle": ">=6.0",
"paragonie/random_compat": ">=2"
},

"autoload": {
Expand Down
2 changes: 1 addition & 1 deletion src/EightPoints/Guzzle/WsseAuthMiddleware.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -212,6 +212,6 @@ public function generateDigest($nonce, $createdAt, $password)
*/
public function generateNonce()
{
return base64_encode(hash('sha512', uniqid(true)));
return base64_encode(random_bytes(128));
}
}

0 comments on commit 006f72d

Please sign in to comment.