From da1a171fbc2e64b0fb2c24d9cd111e6f99064206 Mon Sep 17 00:00:00 2001
From: "Fedor A. Fetisov"
Date: Tue, 24 Sep 2013 14:44:04 +0400
Subject: [PATCH] Prevent generation of negative tokens (see Issue #5)
---
 src/messenger/webim/libs/chat.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/messenger/webim/libs/chat.php b/src/messenger/webim/libs/chat.php
index 5a2306d1..a30ed77f 100644
--- a/src/messenger/webim/libs/chat.php
+++ b/src/messenger/webim/libs/chat.php
@@ -40,7 +40,14 @@ $kind_to_string = array($kind_user => "user", $kind_agent => "agent", $kind_for_
 
 function next_token()
 {
- return function_exists('openssl_random_pseudo_bytes') ? hexdec(bin2hex(openssl_random_pseudo_bytes(4))) : mt_rand(99999, 99999999);
+ if (function_exists('openssl_random_pseudo_bytes')) {
+ $token_arr = unpack('N', "\x0" . openssl_random_pseudo_bytes(3));
+ $token = $token_arr[1];
+ }
+ else {
+ $token = mt_rand(99999, 99999999);
+ }
+ return $token;
 }
 
 function next_revision($link)
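Review bot: Prefixing a zero byte to `openssl_random_pseudo_bytes(3)` in `next_token()` keeps the value non-negative but leaves only 24 random bits, where the removed line drew 32; that is a small space if the token serves as a secret, which this hunk does not show. Reading four bytes and clearing the sign bit would keep 31 bits: `$token_arr = unpack('N', openssl_random_pseudo_bytes(4));` followed by `$token = $token_arr[1] & 0x7FFFFFFF;`. The result of `openssl_random_pseudo_bytes()` is also used unchecked: if it returns `false`, `unpack()` receives a one-byte string and `$token` will not hold a usable integer, so test the return value (and ideally the `$crypto_strong` out-parameter) before unpacking. The `mt_rand(99999, 99999999)` fallback is not a cryptographic source and draws from a different range than the OpenSSL branch, which deserves a comment stating that it is a degraded path.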