From 3994b3a26c252cba4070337b036e3a1c12c81369 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 23 May 2015 03:42:11 -0400
Subject: [PATCH] Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)

---
 program/include/rcmail_install.php |   25 ++-----------------------
 1 files changed, 2 insertions(+), 23 deletions(-)

diff --git a/program/include/rcmail_install.php b/program/include/rcmail_install.php
index e161779..aea9ebb 100644
--- a/program/include/rcmail_install.php
+++ b/program/include/rcmail_install.php
@@ -163,7 +163,7 @@
     $value = $this->config[$name];
 
     if ($name == 'des_key' && !$this->configured && !isset($_REQUEST["_$name"]))
-      $value = self::random_key(24);
+      $value = rcube_utils::random_bytes(24);
 
     return $value !== null && $value !== '' ? $value : $default;
   }
@@ -193,7 +193,7 @@
 
       // generate new encryption key, never use the default value
       if ($prop == 'des_key' && $value == $this->defaults[$prop])
-        $value = $this->random_key(24);
+        $value = rcube_utils::random_bytes(24);
 
       // convert some form data
       if ($prop == 'debug_level' && !$is_default) {
@@ -785,25 +785,4 @@
   {
       $this->last_error = $p;
   }
-
-
-  /**
-   * Generarte a ramdom string to be used as encryption key
-   *
-   * @param int Key length
-   * @return string The generated random string
-   * @static
-   */
-  function random_key($length)
-  {
-    $alpha = 'ABCDEFGHIJKLMNOPQERSTUVXYZabcdefghijklmnopqrtsuvwxyz0123456789+*%&?!$-_=';
-    $out = '';
-
-    for ($i=0; $i < $length; $i++)
-      $out .= $alpha{rand(0, strlen($alpha)-1)};
-
-    return $out;
-  }
-
 }
-

--
Gitblit v1.9.1