/**
* Fetch a value from the session
* @param string|int $key
- * @param mixed $default Returned if $this->exists( $key ) would be false
+ * @param mixed|null $default Returned if $this->exists( $key ) would be false
* @return mixed
*/
public function get( $key, $default = null ) {
// Encrypt
// @todo: import a pure-PHP library for AES instead of doing $wgSessionInsecureSecrets
- $iv = \MWCryptRand::generate( 16, true );
+ $iv = random_bytes( 16 );
$algorithm = self::getEncryptionAlgorithm();
switch ( $algorithm[0] ) {
case 'openssl':
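Review bot: The bare `// Encrypt` comment above the new `$iv = random_bytes( 16 );` line does not record what the call guarantees or how it fails. random_bytes() throws when no secure entropy source is available rather than returning weaker output, so that failure would surface as an exception from this method. Whether anything catches it cannot be seen here, because the enclosing method starts and ends outside the hunk. I would add a comment above the assignment such as `// Fresh 16-byte IV per call from the system CSPRNG; random_bytes() throws rather than falling back to weak randomness.`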
/**
* Fetch a value from the session that was set with self::setSecret()
* @param string|int $key
- * @param mixed $default Returned if $this->exists( $key ) would be false or decryption fails
+ * @param mixed|null $default Returned if $this->exists( $key ) would be false or decryption fails
* @return mixed
*/
public function getSecret( $key, $default = null ) {
// Extension::OATHAuth.
// Unseal and check
- $pieces = explode( '.', $encrypted );
+ $pieces = explode( '.', $encrypted, 4 );
if ( count( $pieces ) !== 3 ) {
$ex = new \Exception( 'Invalid sealed-secret format' );
$this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] );
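Review bot: The limit of 4 in `explode( '.', $encrypted, 4 )` next to `count( $pieces ) !== 3` reads like an off-by-one and needs a comment so nobody later "corrects" it to 3. With 4, a value with extra dots still yields a fourth piece and is rejected, and the split stays bounded however many dots the stored value holds. A limit of 3 would fold the surplus into the third piece and let it pass this format check. Suggested comment above the call: `// Limit is 4, not 3: input with extra '.' must produce a 4th piece so the count check below rejects it.` The rest of the unseal logic in the enclosing function lies outside the hunk.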