Merge pull request #5259 from rubencm/ticket/15695

[ticket/15695] Fix gen_rand_string returning less characters than expected

phpBB/includes/functions.php

@@ -66,27 +66,29 @@ function set_var(&$result, $var, $type, $multibyte = false)
 /**
 * Generates an alphanumeric random string of given length
 *
-* @param int $num_chars Length of random string, defaults to 8
+* @param int $num_chars Length of random string, defaults to 8.
+* This number should be less or equal than 64.
 *
 * @return string
 */
 function gen_rand_string($num_chars = 8)
 {
 	// [a, z] + [0, 9] = 36
-	return substr(strtoupper(base_convert(bin2hex(random_bytes($num_chars)), 16, 36)), 0, $num_chars);
+	return substr(strtoupper(base_convert(bin2hex(random_bytes($num_chars + 1)), 16, 36)), 0, $num_chars);
 }
 
 /**
 * Generates a user-friendly alphanumeric random string of given length
 * We remove 0 and O so users cannot confuse those in passwords etc.
 *
-* @param int $num_chars Length of random string, defaults to 8
+* @param int $num_chars Length of random string, defaults to 8.
+* This number should be less or equal than 64.
 *
 * @return string
 */
 function gen_rand_string_friendly($num_chars = 8)
 {
-	$rand_str = bin2hex(random_bytes($num_chars));
+	$rand_str = bin2hex(random_bytes($num_chars + 1));
 
 	// Remove Z and Y from the base_convert(), replace 0 with Z and O with Y
 	// [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34