Hi

Am 2026-06-18 11:59, schrieb Sjoerd Langkemper:
This is a problem when used on big numbers in security contexts. This semi-often happens when users want to create a "nice" random token:

Is this actually a thing that happens in security contexts? I'm only ever seeing `base64_encode()` being applies to `random_bytes()` directly.

But as to the question itself: I consider a warning to be appropriate when the function does not what you expect it to do and I think adding it would be in line with the “input validation” policy: https://wiki.php.net/rfc/policy-exempt-type-value-error-bc-policy.

Best regards
Tim Düsterhus

Reply via email to