From 7898dc24c84d72357391c3babe5ebe13e918e063 Mon Sep 17 00:00:00 2001
From: glaszig
Date: Tue, 30 Jul 2019 20:14:37 +0200
Subject: [PATCH] mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes depends on openssl. php7 has the platform-independent `random_bytes` to generate "cryptographically secure" random data. use that for csrf token.
---
 includes/functions.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/includes/functions.php b/includes/functions.php
index 24da797f..66d87116 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -60,11 +60,7 @@ function safefilerewrite($fileName, $dataToSave)
 function ensureCSRFSessionToken()
 {
 if (empty($_SESSION['csrf_token'])) {
- if (function_exists('mcrypt_create_iv')) {
- $_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
- } else {
- $_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
- }
+ $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
 }
 }
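Review bot: With the `function_exists` branches gone, the added line `$_SESSION['csrf_token'] = bin2hex(random_bytes(32));` makes PHP 7.0 or later a hard requirement; on an older interpreter the call is an undefined-function fatal error wherever `ensureCSRFSessionToken()` runs. Whether the project already requires PHP 7 is not visible in this patch, so the minimum version should be stated in the install documentation or package metadata. `random_bytes()` also throws when no secure entropy source is available, and letting that propagate is the right fail-closed behaviour for a CSRF token. I would record both facts above the assignment so a later change does not wrap it in a try/catch with a weaker generator: `// random_bytes() needs PHP >= 7.0 and throws if no CSPRNG is available; do not catch and fall back to a weaker source.`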