From 846596294d4f3f747799ea50ae8f8f65ab0cfa5f Mon Sep 17 00:00:00 2001
From: Paul Klimov <klimov.paul@gmail.com>
Date: Fri, 27 Jun 2014 21:45:52 +0300
Subject: [PATCH] Fallback for `Security::generateRandomKey()` added

---
 framework/base/Security.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/framework/base/Security.php b/framework/base/Security.php
index 73ed472..bdd882f 100644
--- a/framework/base/Security.php
+++ b/framework/base/Security.php
@@ -223,12 +223,17 @@ class Security extends Component
 
     /**
      * Generates a random key. The key may contain uppercase and lowercase latin letters, digits, underscore, dash and dot.
+     * Note: for delivering high security key, this method requires PHP 'mcrypt' extension.
      * @param integer $length the length of the key that should be generated
      * @return string the generated random key
      */
     public function generateRandomKey($length = 32)
     {
-        return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+        if (function_exists('mcrypt_create_iv')) {
+            return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+        }
+        $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-.';
+        return substr(str_shuffle(str_repeat($chars, 5)), 0, $length);
     }
 
     /**
--
libgit2 0.27.1