Merge pull request #776 from greezybacon/issue/771

Make Crypto::random() more reliable on Windows Reviewed-By: Peter Rotich <peter@osticket.com>

Merge pull request #776 from greezybacon/issue/771
Make Crypto::random() more reliable on Windows Reviewed-By: Peter Rotich <peter@osticket.com>
ea39a677 · Peter Rotich · 2f97d7e6 · 3e42f2ae · ea39a677
Commit ea39a677 authored 11 years ago by Peter Rotich
--- a/include/class.crypto.php
+++ b/include/class.crypto.php
@@ -165,13 +165,17 @@ class Crypto {
    function random($len) {

        if(CRYPT_IS_WINDOWS) {
-            if (function_exists('mcrypt_create_iv')
-                    && version_compare(PHP_VERSION, '5.3', '>='))
-                return mcrypt_create_iv($len);
-
            if (function_exists('openssl_random_pseudo_bytes')
                    && version_compare(PHP_VERSION, '5.3.4', '>='))
                return openssl_random_pseudo_bytes($len);
+
+            // Looks like mcrypt_create_iv with MCRYPT_DEV_RANDOM is still
+            // unreliable on 5.3.6:
+            // https://bugs.php.net/bug.php?id=52523
+            if (function_exists('mcrypt_create_iv')
+                    && version_compare(PHP_VERSION, '5.3.7', '>='))
+                return mcrypt_create_iv($len);
+
        } else {

            if (function_exists('openssl_random_pseudo_bytes'))