Missing Best Practice

xsuperbug · xsuperbug · commit 666ab375b536 · 2016-05-24T14:14:36.000+03:00
uniqid does not create random nor unpredictable string. This function must not be used for security purposes.  If you need to generate cryptographically secure tokens use openssl_random_pseudo_bytes().
diff --git a/src/Connection.php b/src/Connection.php
@@ -307,7 +307,7 @@ public function subscribe($subject, \Closure $callback)
      */
     public function queueSubscribe($subject, $queue, \Closure $callback)
     {
-        $sid = uniqid();
+        $sid = openssl_random_pseudo_bytes(16);
         $msg = 'SUB '.$subject.' '.$queue.' '. $sid;
         $this->send($msg);
         $this->subscriptions[$sid] = $callback;

Original file line number	Diff line number	Diff line change
`@@ -307,7 +307,7 @@ public function subscribe($subject, \Closure $callback)`
`307`	`307`	`*/`
`308`	`308`	`public function queueSubscribe($subject, $queue, \Closure $callback)`
`309`	`309`	`{`
`310`		`- $sid = uniqid();`
	`310`	`+ $sid = openssl_random_pseudo_bytes(16);`
`311`	`311`	`$msg = 'SUB '.$subject.' '.$queue.' '. $sid;`
`312`	`312`	`$this->send($msg);`
`313`	`313`	`$this->subscriptions[$sid] = $callback;`