From 6f4162ed74f6e7e07242a1b378d9f1142a93097b Mon Sep 17 00:00:00 2001
From: Robbie Averill <robbie@silverstripe.com>
Date: Thu, 29 Dec 2016 23:46:08 +1300
Subject: [PATCH] FIX PHP 7.x should use random_bytes for entropy ahead of
 deprecated mcrypt lib

---
 src/Security/RandomGenerator.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/Security/RandomGenerator.php b/src/Security/RandomGenerator.php
index 4902c0035..ffbd73ec0 100644
--- a/src/Security/RandomGenerator.php
+++ b/src/Security/RandomGenerator.php
@@ -24,6 +24,11 @@ class RandomGenerator
     {
         $isWin = preg_match('/WIN/', PHP_OS);
 
+        // PHP 7.1 preference, since mcrypt is deprecated
+        if (function_exists('random_bytes')) {
+            return bin2hex(random_bytes(64));
+        }
+
         // TODO Fails with "Could not gather sufficient random data" on IIS, temporarily disabled on windows
         if (!$isWin) {
             if (function_exists('mcrypt_create_iv')) {