Csrf middleware is not fully PHP 5 compatible

Question

Csrf middleware is not fully PHP 5 compatible

llaville opened this issue 8 years ago · 5 comments

Hello,

I've recently used Csrf Middleware with PHP 5.6 and cannot run it due to generateTokens() function.

random_bytes is only available since PHP 7.0

I suggest to use openssl extension such as :

        if (version_compare(PHP_VERSION, '7.0', 'ge')) {
            $index = self::encode(random_bytes(18));
            $token = self::encode(random_bytes(32));
        } else {
            $index = self::encode(openssl_random_pseudo_bytes(18));
            $token = self::encode(openssl_random_pseudo_bytes(32));
        }

What do you think of such solution ?

Answer 1 · 2017-01-03T21:35:49.000Z

Good catch.
Maybe a better approach is simply check whether the function exists or not. Something like this: http://php.net/manual/en/function.random-bytes.php#118932
Do you want to work on a pull request?
Thank you!

Answer 2 · 2017-01-03T21:53:20.000Z

Nice TIP (manual page). OK I'll work on a PR tomorrow !

Answer 3 · 2017-01-03T22:48:20.000Z

Code is available on my forked version at https://github.com/llaville/psr7-middlewares/commit/236fbaea99e236135cfab0122f1a1a027b7ab62a (for code review, if you want).
I'll test it in real condition tomorrow, and gave you my feedback !

Answer 4 · 2017-01-04T18:41:41.000Z

PR #63 is available !

Answer 5 · 2017-01-04T20:24:29.000Z

Merged. Thanks for your contribution 👍