diff --git a/web/includes/functions.php b/web/includes/functions.php index 13b347893..537a9fa8e 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -2620,4 +2620,19 @@ function random_colour() { str_pad( dechex( mt_rand( 0, 255 ) ), 2, '0', STR_PAD_LEFT); } +function zm_random_bytes($length = 32){ + if ( !isset($length) || intval($length) <= 8 ) { + $length = 32; + } + if ( function_exists('random_bytes') ) { + return random_bytes($length); + } + if ( function_exists('mcrypt_create_iv') ) { + return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); + } + if ( function_exists('openssl_random_pseudo_bytes') ) { + return openssl_random_pseudo_bytes($length); + } + ZM\Error('No random_bytes function found.'); +} ?> diff --git a/web/index.php b/web/index.php index 2f1a6cf62..d5f261742 100644 --- a/web/index.php +++ b/web/index.php @@ -177,7 +177,7 @@ if ( isset($_REQUEST['view']) ) # Add CSP Headers -$cspNonce = bin2hex(openssl_random_pseudo_bytes(16)); +$cspNonce = bin2hex(zm_random_bytes(16)); $request = null; if ( isset($_REQUEST['request']) )