From f65c5ebb067b5e1fb37fca4dd99b752e51053800 Mon Sep 17 00:00:00 2001
From: Akshay Jain <30288355+wr3nch0x1@users.noreply.github.com>
Date: Mon, 28 Jun 2021 19:12:15 -0400
Subject: [PATCH] Fixed Security issue (#2131) Fixed Insecure randomness vulnerability
---
 src/OpenWork/Provider/Client.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OpenWork/Provider/Client.php b/src/OpenWork/Provider/Client.php
index 2fe320321..c63b589b3 100644
--- a/src/OpenWork/Provider/Client.php
+++ b/src/OpenWork/Provider/Client.php
@@ -44,7 +44,7 @@ public function __construct(ServiceContainer $app)
 public function getLoginUrl(string $redirectUri = '', string $userType = 'admin', string $state = '')
 {
 $redirectUri || $redirectUri = $this->app->config['redirect_uri_single'];
- $state || $state = rand();
+ $state || $state = random_bytes(64);
 $params = [
 'appid' => $this->app['config']['corp_id'],
 'redirect_uri' => $redirectUri,
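Review bot: `random_bytes(64)` on the new `$state` line returns 64 raw binary bytes rather than a printable token, so the default state is arbitrary binary data that has to survive URL encoding, the provider's round trip and whatever comparison the callback performs. Encoding a smaller amount of CSPRNG output keeps the unpredictability and yields a URL-safe value: `$state || $state = bin2hex(random_bytes(16));`. The rest of getLoginUrl lies outside the hunk, so it is not visible whether the generated state is kept (for example in the session) and compared on the callback with `hash_equals()`. If it is not, a default state gives no CSRF protection however it is generated, and the docblock should tell callers to pass and verify their own `$state`.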