Commit f09c78aa by Qiang Xue

save security keys as a serialized string instead of exported variable.

parent 4b49a31f
<?php
$params = require(__DIR__ . '/params.php');
return [
'id' => 'bootstrap-console',
'id' => 'basic-console',
'basePath' => dirname(__DIR__),
'preload' => ['log'],
'controllerPath' => dirname(__DIR__) . '/commands',
......
<?php
$params = require(__DIR__ . '/params.php');
$config = [
'id' => 'bootstrap',
'id' => 'basic',
'basePath' => dirname(__DIR__),
'extensions' => require(__DIR__ . '/../vendor/yiisoft/extensions.php'),
'components' => [
......
......@@ -175,7 +175,7 @@ class BaseSecurity
/**
* Returns a secret key associated with the specified name.
* If the secret key does not exist, a random key will be generated
* and saved in the file "keys.php" under the application's runtime directory
* and saved in the file "keys.data" under the application's runtime directory
* so that the same secret key can be returned in future requests.
* @param string $name the name that is associated with the secret key
* @param integer $length the length of the key that should be generated if not exists
......@@ -184,16 +184,16 @@ class BaseSecurity
public static function getSecretKey($name, $length = 32)
{
static $keys;
$keyFile = Yii::$app->getRuntimePath() . '/keys.php';
$keyFile = Yii::$app->getRuntimePath() . '/keys.data';
if ($keys === null) {
$keys = [];
if (is_file($keyFile)) {
$keys = require($keyFile);
$keys = unserialize(file_get_contents($keyFile));
}
}
if (!isset($keys[$name])) {
$keys[$name] = static::generateRandomKey($length);
file_put_contents($keyFile, "<?php\nreturn " . var_export($keys, true) . ";\n");
file_put_contents($keyFile, serialize($keys));
}
return $keys[$name];
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment