Csrf middleware is not fully PHP 5 compatible

oscarotero / psr7-middlewares

[DEPRECATED] Collection of PSR-7 middlewares

MIT License

668 stars 56 forks source link

Csrf middleware is not fully PHP 5 compatible #62

Closed llaville closed 7 years ago

llaville commented 7 years ago

Hello,

I've recently used Csrf Middleware with PHP 5.6 and cannot run it due to generateTokens() function.

random_bytes is only available since PHP 7.0

I suggest to use openssl extension such as :

        if (version_compare(PHP_VERSION, '7.0', 'ge')) {
            $index = self::encode(random_bytes(18));
            $token = self::encode(random_bytes(32));
        } else {
            $index = self::encode(openssl_random_pseudo_bytes(18));
            $token = self::encode(openssl_random_pseudo_bytes(32));
        }

What do you think of such solution ?

oscarotero commented 7 years ago

Good catch. Maybe a better approach is simply check whether the function exists or not. Something like this: http://php.net/manual/en/function.random-bytes.php#118932 Do you want to work on a pull request? Thank you!

llaville commented 7 years ago

Nice TIP (manual page). OK I'll work on a PR tomorrow !

llaville commented 7 years ago

Code is available on my forked version at https://github.com/llaville/psr7-middlewares/commit/236fbaea99e236135cfab0122f1a1a027b7ab62a (for code review, if you want). I'll test it in real condition tomorrow, and gave you my feedback !

llaville commented 7 years ago

PR #63 is available !

oscarotero commented 7 years ago

Merged. Thanks for your contribution 👍