From f09c78aad993b9eee5c96a6a3c75e1c1de0eaee9 Mon Sep 17 00:00:00 2001
From: Qiang Xue <qiang.xue@gmail.com>
Date: Fri, 8 Nov 2013 21:35:51 -0500
Subject: [PATCH] save security keys as a serialized string instead of exported variable.

---
 apps/basic/config/console.php          | 2 +-
 apps/basic/config/web.php              | 2 +-
 framework/yii/helpers/BaseSecurity.php | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/apps/basic/config/console.php b/apps/basic/config/console.php
index c70993e..6f3f9a8 100644
--- a/apps/basic/config/console.php
+++ b/apps/basic/config/console.php
@@ -1,7 +1,7 @@
 <?php
 $params = require(__DIR__ . '/params.php');
 return [
-	'id' => 'bootstrap-console',
+	'id' => 'basic-console',
 	'basePath' => dirname(__DIR__),
 	'preload' => ['log'],
 	'controllerPath' => dirname(__DIR__) . '/commands',
diff --git a/apps/basic/config/web.php b/apps/basic/config/web.php
index 1f6c51f..cf921b0 100644
--- a/apps/basic/config/web.php
+++ b/apps/basic/config/web.php
@@ -1,7 +1,7 @@
 <?php
 $params = require(__DIR__ . '/params.php');
 $config = [
-	'id' => 'bootstrap',
+	'id' => 'basic',
 	'basePath' => dirname(__DIR__),
 	'extensions' => require(__DIR__ . '/../vendor/yiisoft/extensions.php'),
 	'components' => [
diff --git a/framework/yii/helpers/BaseSecurity.php b/framework/yii/helpers/BaseSecurity.php
index 6b7f1cf..db226ea 100644
--- a/framework/yii/helpers/BaseSecurity.php
+++ b/framework/yii/helpers/BaseSecurity.php
@@ -175,7 +175,7 @@ class BaseSecurity
 	/**
 	 * Returns a secret key associated with the specified name.
 	 * If the secret key does not exist, a random key will be generated
-	 * and saved in the file "keys.php" under the application's runtime directory
+	 * and saved in the file "keys.data" under the application's runtime directory
 	 * so that the same secret key can be returned in future requests.
 	 * @param string $name the name that is associated with the secret key
 	 * @param integer $length the length of the key that should be generated if not exists
@@ -184,16 +184,16 @@ class BaseSecurity
 	public static function getSecretKey($name, $length = 32)
 	{
 		static $keys;
-		$keyFile = Yii::$app->getRuntimePath() . '/keys.php';
+		$keyFile = Yii::$app->getRuntimePath() . '/keys.data';
 		if ($keys === null) {
 			$keys = [];
 			if (is_file($keyFile)) {
-				$keys = require($keyFile);
+				$keys = unserialize(file_get_contents($keyFile));
 			}
 		}
 		if (!isset($keys[$name])) {
 			$keys[$name] = static::generateRandomKey($length);
-			file_put_contents($keyFile, "<?php\nreturn " . var_export($keys, true) . ";\n");
+			file_put_contents($keyFile, serialize($keys));
 		}
 		return $keys[$name];
 	}
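Review bot: The value from `unserialize(file_get_contents($keyFile))` is assigned to `$keys` without checking that it is an array, so an unreadable, truncated or corrupted keys.data yields `false`, the `isset()` test fails, and the following `file_put_contents()` rewrites the store with only the newly generated key, silently replacing every previously issued key. Validate the decoded value before use, e.g. `$data = unserialize(file_get_contents($keyFile));` followed by `if (!is_array($data)) { /* fail loudly instead of regenerating */ }`, and write with `file_put_contents($keyFile, serialize($keys), LOCK_EX);` so concurrent writers cannot interleave partial contents. Since the stored values appear to be plain strings, `json_encode`/`json_decode` would hold them without `unserialize()` instantiating objects if the runtime directory were ever writable by a less-trusted process. The move from keys.php to keys.data also means the file would be served verbatim if the runtime directory is reachable over HTTP, where the PHP form would normally have produced no output. The docblock should state that the runtime path must sit outside the web root and that the file should be readable only by the application user.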
--
libgit2 0.27.1