From 626590eda54806f796ea247eebcfb89a875a6506 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come@opensides.be>
Date: Tue, 3 Jul 2018 10:41:04 +0200
Subject: [PATCH] Merge branch
 '5843-security-insecure-generation-of-random-tokens' into '1.3-dev'

Resolve "Security: Insecure Generation of Random Tokens"

See merge request fusiondirectory/fd!322

(cherry picked from commit 697eff83986cb4f27d1089b59a7775298d0335e3)

4abf4588 :ambulance: fix(core) Avoid crash on 32-bits systems for random_int fallback
---
 include/functions.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/functions.inc b/include/functions.inc
index af35d642b..3b8cf034a 100644
--- a/include/functions.inc
+++ b/include/functions.inc
@@ -2663,7 +2663,7 @@ if (!function_exists('random_int')) {
       if (!$strong || ($randomBytes === FALSE)) {
         throw new Exception('Failed to get random bytes');
       }
-      $rnd = unpack('Q', $randomBytes)[1];
+      $rnd = unpack('L', $randomBytes)[1];
       // discard irrelevant bits
       $rnd = $rnd & $filter;
     } while ($rnd >= $range);
-- 
GitLab