do not use uniqid() for generating dev tool tokens

xabbuh · xabbuh · commit 093187438887 · 2024-07-18T11:35:04.000+02:00
diff --git a/EventListener/ConsoleProfilerListener.php b/EventListener/ConsoleProfilerListener.php
@@ -77,7 +77,7 @@ public function initialize(ConsoleCommandEvent $event): void
             return;
         }
 
-        $request->attributes->set('_stopwatch_token', substr(hash('xxh128', uniqid(mt_rand(), true)), 0, 6));
+        $request->attributes->set('_stopwatch_token', bin2hex(random_bytes(3)));
         $this->stopwatch->openSection();
     }
 

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ public function initialize(ConsoleCommandEvent $event): void`
`77`	`77`	`return;`
`78`	`78`	`}`
`79`	`79`
`80`		`- $request->attributes->set('_stopwatch_token', substr(hash('xxh128', uniqid(mt_rand(), true)), 0, 6));`
	`80`	`+ $request->attributes->set('_stopwatch_token', bin2hex(random_bytes(3)));`
`81`	`81`	`$this->stopwatch->openSection();`
`82`	`82`	`}`
`83`	`83`