Merge pull request #12150 from sergeyklay/3.0.x

Fixed Random::base64Safe
phalcon · Aug 17, 2016 · c9e8d76 · c9e8d76
2 parents 095ce2e + 0ec814a
commit c9e8d76
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@
 - Fixed `Phalcon\Mvc\Model\Criteria::inWhere` so that now the second parameter can be an empty array [#10676](https://github.com/phalcon/cphalcon/issues/10676)
 - Fixed ORM related memory leak [#12115](https://github.com/phalcon/cphalcon/issues/12115), [#11995](https://github.com/phalcon/cphalcon/issues/11995), [#12116](https://github.com/phalcon/cphalcon/issues/12116)
 - Fixed incorrect `Phalcon\Mvc\View::getActiveRenderPath` behavior [#12139](https://github.com/phalcon/cphalcon/issues/12139)
+- Fixed `Phalcon\Security\Random::base64Safe` so that now the method returns correct safe string [#12141](https://github.com/phalcon/cphalcon/issues/12141)
 
 # [3.0.0](https://github.com/phalcon/cphalcon/releases/tag/v3.0.0) (2016-07-29)
 - PHP 5.3 and 5.4 are now fully deprecated

diff --git a/phalcon/security/random.zep b/phalcon/security/random.zep
@@ -248,10 +248,11 @@ class Random
 	{
 		var s;
 
-		let s = preg_replace("#[^a-z0-9_=-]+#i", "", this->base64(len));
+		let s = strtr(base64_encode(this->base64(len)), "+/", "-_");
+		let s = preg_replace("#[^a-z0-9_=-]+#i", "", s);
 
 		if !padding {
-			return trim(s, "=");
+			return rtrim(s, "=");
 		}
 
 		return s;

diff --git a/tests/unit/Security/RandomTest.php b/tests/unit/Security/RandomTest.php
@@ -214,28 +214,20 @@ function () {
 
                 $random = new Random();
 
-                $getSize = function($len) {
-                    // Size formula: 4 *( $len / 3) and this need to be rounded up to a multiple of 4.
-                    return (int)(round(4*($len/3))%4 === 0) ? round(4*($len/3)) : round((4*($len/3)+4/2)/4)*4;
-                };
-
                 $isValid = function($base64, $padding = false) {
                     $pattern = $padding ? "a-z0-9_=-" : "a-z0-9_-";
                     return (preg_match("#[^$pattern]+#i", $base64) === 0);
                 };
 
                 foreach ($lens as $len) {
                     $actual = $random->base64Safe($len);
-                    expect(strlen($actual))->lessOrEquals($getSize($len));
                     expect($isValid($actual))->true();
                 }
 
                 $actual = $random->base64Safe();
-                expect(strlen($actual))->lessOrEquals($getSize(16));
                 expect($isValid($actual))->true();
 
                 $actual = $random->base64Safe(null, true);
-                expect(strlen($actual))->lessOrEquals($getSize(16));
                 expect($isValid($actual, true))->true();
             }
         );