From a6585cddae47144413565f3c1cd29debc69f6b41 Mon Sep 17 00:00:00 2001
From: bbeversdorf
Date: Sat, 2 Mar 2024 06:14:56 -0600
Subject: [PATCH] Remove the use of `mt_rand` (#5857)

`mt_rand` does not generate cryptographically secure values. This logic should be updated to follow best practices because this key should be random. Although the outcome is the same, because of the limited character set, it sets precedence to follow good security practices.
---
 src/Utils/StringUtils.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Utils/StringUtils.php b/src/Utils/StringUtils.php
index ab2c75f0e8..d40638b151 100644
--- a/src/Utils/StringUtils.php
+++ b/src/Utils/StringUtils.php
@@ -120,7 +120,7 @@ public static function generatePassword(int $length = 10): string
 for ($i = 0; $i < $length; $i++) {
 // Each iteration, pick a random character from the
 // allowable string and append it to the password:
- $pass .= $allowable_characters[mt_rand(0, $len)];
+ $pass .= $allowable_characters[random_int(0, $len)];
 }

 return $pass;
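Review bot: `random_int()` throws when no suitable source of randomness is available (`\Random\RandomException` on PHP 8.2+, `\Exception` before that), which `mt_rand()` never did, so the replaced line inside the `for` loop gives `generatePassword()` a failure mode that nothing visible here documents or handles. I would add `@throws \Exception if no secure randomness source is available` to the method's docblock and confirm that callers let it propagate or catch it explicitly, rather than falling back to a weaker generator. Both bounds of `random_int(0, $len)` are inclusive, as they were for `mt_rand`, so the index is only safe if `$len` is the last valid offset (`strlen($allowable_characters) - 1`); `$len` is assigned outside the hunk, so that is an assumption to confirm. The method body starts and ends outside the hunk.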