| -rw-r--r-- | phpBB/includes/functions.php | 8 | ||||
| -rw-r--r-- | tests/random/gen_rand_string_test.php | 10 | 
2 files changed, 14 insertions, 4 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 4aae84705b..270d513a26 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -66,23 +66,27 @@ function set_var(&$result, $var, $type, $multibyte = false)
 /**
 * Generates an alphanumeric random string of given length
 *
+* @param int $num_chars Length of random string, defaults to 8
+*
 * @return string
 */
 function gen_rand_string($num_chars = 8)
 {
 	// [a, z] + [0, 9] = 36
-	return substr(strtoupper(base_convert(unique_id(), 16, 36)), 0, $num_chars);
+	return substr(strtoupper(base_convert(bin2hex(random_bytes($num_chars)), 16, 36)), 0, $num_chars);
 }
 /**
 * Generates a user-friendly alphanumeric random string of given length
 * We remove 0 and O so users cannot confuse those in passwords etc.
 *
+* @param int $num_chars Length of random string, defaults to 8
+*
 * @return string
 */
 function gen_rand_string_friendly($num_chars = 8)
 {
-	$rand_str = unique_id();
+	$rand_str = bin2hex(random_bytes($num_chars));
 	// Remove Z and Y from the base_convert(), replace 0 with Z and O with Y
 	// [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34
diff --git a/tests/random/gen_rand_string_test.php b/tests/random/gen_rand_string_test.php
index a9d1ea20de..428db6ac98 100644
--- a/tests/random/gen_rand_string_test.php
+++ b/tests/random/gen_rand_string_test.php
@@ -40,7 +40,10 @@ class phpbb_random_gen_rand_string_test extends phpbb_test_case
 				$random_string_length = strlen($random_string);
 				$this->assertTrue($random_string_length >= self::MIN_STRING_LENGTH);
-				$this->assertTrue($random_string_length <= $num_chars);
+				$this->assertTrue(
+					$random_string_length == $num_chars,
+					sprintf('Failed asserting that random string length matches expected length. Expected %1$u, Actual %2$u', $num_chars, $random_string_length)
+				);
 				$this->assertRegExp('#^[A-Z0-9]+$#', $random_string);
 			}
 		}
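Review bot: `base_convert()` on the new return line of `gen_rand_string()` switches to float arithmetic once its hex input no longer fits a native integer, which 16 or more hex digits (`$num_chars` of 8 and up) can do, so the low-order digits are rounded and the result carries at most about 53 bits of randomness however long the string is. A draw that starts with zero bytes also converts to fewer than `$num_chars` characters, which the exact-length assertion added in the test file would then fail on intermittently. `gen_rand_string_friendly()` passes the same `bin2hex(random_bytes($num_chars))` value to code that continues outside this hunk; if that is the `base_convert()` its comment mentions, both points apply there too. Drawing each character from the alphabet with `random_int()` keeps positions independent and the length exact, assuming `random_int()` is available wherever `random_bytes()` is.

```php
function gen_rand_string($num_chars = 8)
{
	// [A, Z] + [0, 9] = 36; one independent CSPRNG draw per character
	$alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
	$rand_str = '';
	for ($i = 0; $i < $num_chars; $i++)
	{
		$rand_str .= $alphabet[random_int(0, 35)];
	}
	return $rand_str;
}
```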
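Review bot: The new length check in the `@@ -40,7 +40,10 @@` hunk, and the identical one in the `@@ -56,7 +59,10 @@` hunk, wraps a loose `==` in `assertTrue()` with a hand-built message. `$this->assertSame($num_chars, $random_string_length);` states the same expectation strictly and lets PHPUnit report expected and actual values itself. The enclosing test methods start and end outside both hunks, so the type of `$num_chars` is not visible here; if it is not always an integer, `assertEquals()` is the safer replacement.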
@@ -56,7 +59,10 @@ class phpbb_random_gen_rand_string_test extends phpbb_test_case
 				$random_string_length = strlen($random_string);
 				$this->assertTrue($random_string_length >= self::MIN_STRING_LENGTH);
-				$this->assertTrue($random_string_length <= $num_chars);
+				$this->assertTrue(
+					$random_string_length == $num_chars,
+					sprintf('Failed asserting that random string length matches expected length. Expected %1$u, Actual %2$u', $num_chars, $random_string_length)
+				);
 				$this->assertRegExp('#^[A-NP-Z1-9]+$#', $random_string);
 			}
 		}  |
