minor #57746 do not use uniqid() for generating dev tool tokens (xabbuh)

nicolas-grekas · nicolas-grekas · commit beff62fe949b · 2024-07-18T11:38:36.000+02:00
This PR was merged into the 7.2 branch.

Discussion
----------

do not use `uniqid()` for generating dev tool tokens

| Q             | A
| ------------- | ---
| Branch?       | 7.2
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Issues        | part of #57588
| License       | MIT

Commits
-------

5ad7ab9fab do not use uniqid() for generating dev tool tokens
diff --git a/EventListener/ConsoleProfilerListener.php b/EventListener/ConsoleProfilerListener.php
@@ -77,7 +77,7 @@ public function initialize(ConsoleCommandEvent $event): void
             return;
         }
 
-        $request->attributes->set('_stopwatch_token', substr(hash('xxh128', uniqid(mt_rand(), true)), 0, 6));
+        $request->attributes->set('_stopwatch_token', bin2hex(random_bytes(3)));
         $this->stopwatch->openSection();
     }
 

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ public function initialize(ConsoleCommandEvent $event): void`
`77`	`77`	`return;`
`78`	`78`	`}`
`79`	`79`
`80`		`- $request->attributes->set('_stopwatch_token', substr(hash('xxh128', uniqid(mt_rand(), true)), 0, 6));`
	`80`	`+ $request->attributes->set('_stopwatch_token', bin2hex(random_bytes(3)));`
`81`	`81`	`$this->stopwatch->openSection();`
`82`	`82`	`}`
`83`	`83`