1.3.4

CHANGELOG.md

@@ -1,3 +1,10 @@
+# 1.3.3 #
+
+The following happened to getUniqid():
+
+Default $entropy value set to 10000, a warning is triggered if openssl_random_pseudo_bytes is unable to locate a 
+cryptographically strong algorithm.
+
 # 1.3.2 #
 
 ENT_SUBSTITUTE added to Alo::unXss() 

docs/class-AloFramework.Common.Alo.html

@@ -235,7 +235,7 @@ <h4>Since</h4>
 
 			<td class="name"><div>
 			<a class="anchor" href="#_getUniqid">#</a>
-			<code>getUniqid( <span>string <var>$hash</var> = <span class="php-quote">'sha256'</span></span>, <span>string <var>$prefix</var> = <span class="php-quote">''</span></span>, <span>integer <var>$entropy</var> = <span class="php-num">250</span></span>, <span>boolean <var>$rawOutput</var> = <span class="php-keyword1">false</span></span> )</code>
+			<code>getUniqid( <span>string <var>$hash</var> = <span class="php-quote">'sha256'</span></span>, <span>string <var>$prefix</var> = <span class="php-quote">''</span></span>, <span>integer <var>$entropy</var> = <span class="php-num">10000</span></span>, <span>boolean <var>$rawOutput</var> = <span class="php-keyword1">false</span></span> )</code>
 
 			<div class="description short">
 				<p>Generates a unique identifier</p>
@@ -269,11 +269,14 @@ <h4>Author</h4>
 					</div>
 					<h4>Since</h4>
 					<div class="list">
-							1.3<br>
+							<p>1.3.3 Default $entropy value set to 10000, a warning is triggered if openssl_random_pseudo_bytes is
+unable to locate a cryptographically strong algorithm.<br/>
+        1.3</p><br>
 					</div>
 					<h4>See</h4>
 					<div class="list">
 							https://secure.php.net/manual/en/function.hash.php<br>
+							https://secure.php.net/manual/en/function.openssl-random-pseudo-bytes.php<br>
 					</div>
 					<h4>Codecoverageignore</h4>
 					<div class="list">

src/Alo.php

@@ -203,10 +203,13 @@ static function asciiRand($length, $subset = self::ASCII_ALL) {
          *
          * @return string
          * @see    https://secure.php.net/manual/en/function.hash.php
-         * @since  1.3
+         * @see    https://secure.php.net/manual/en/function.openssl-random-pseudo-bytes.php
+         * @since  1.3.3 Default $entropy value set to 10000, a warning is triggered if openssl_random_pseudo_bytes is
+         * unable to locate a cryptographically strong algorithm.<br/>
+         *         1.3
          * @codeCoverageIgnore
          */
-        static function getUniqid($hash = 'sha256', $prefix = '', $entropy = 250, $rawOutput = false) {
+        static function getUniqid($hash = 'sha256', $prefix = '', $entropy = 10000, $rawOutput = false) {
             $str = mt_rand(~PHP_INT_MAX, PHP_INT_MAX) . json_encode([$_COOKIE,
                                                                      $_REQUEST,
                                                                      $_FILES,
@@ -217,7 +220,14 @@ static function getUniqid($hash = 'sha256', $prefix = '', $entropy = 250, $rawOu
                    self::asciiRand($entropy, self::ASCII_ALL);
 
             if (function_exists('\openssl_random_pseudo_bytes')) {
-                $str .= \openssl_random_pseudo_bytes($entropy);
+                $algoStrong = null;
+                $str .= \openssl_random_pseudo_bytes($entropy, $algoStrong);
+
+                if ($algoStrong !== true) {
+                    trigger_error('Please update your openssl & PHP libraries. openssl_random_pseudo_bytes was unable' .
+                                  ' to locate a cryptographically strong algorithm.',
+                                  E_USER_WARNING);
+                }
             } else {
                 trigger_error('The openssl extension is not enabled, therefore the unique ID is not ' .
                               'cryptographically secure.',