[ci skip] Suggest random_bytes() over random_string() (fix #3432)

author: Andrey Andreev <narf@devilix.net> 2022-01-05 22:46:50 +0100
committer: Andrey Andreev <narf@devilix.net> 2022-01-05 22:46:50 +0100
commit: 25ae2a3c0a8f20098181e20d55a61c0c42559ee9 (patch)
tree: 8d1f419a67784bc4c9771ed04a9289dae1986b5f /user_guide_src
parent: b8ad8411998b028f829db4231b3ef1db0eef8813 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/user_guide_src/source/helpers/string_helper.rst b/user_guide_src/source/helpers/string_helper.rst
index 6dabc60d3..f08f56b0b 100644
--- a/user_guide_src/source/helpers/string_helper.rst
+++ b/user_guide_src/source/helpers/string_helper.rst
@@ -36,7 +36,6 @@ The following functions are available:
 	:rtype:	string
 
 	Generates a random string based on the type and length you specify.
-	Useful for creating passwords or generating random hashes.
 
 	The first parameter specifies the type of string, the second parameter
 	specifies the length. The following choices are available:
@@ -53,6 +52,10 @@ The following functions are available:
 
 		echo random_string('alnum', 16);
 
+	.. note:: Usage of this function is NOT suitable for password generation
+		or other security-sensitive purposes. Please use
+		`random_bytes() <https://secure.php.net/random_bytes>`_ instead.
+
 	.. note:: Usage of the *unique* and *encrypt* types is DEPRECATED. They
 		are just aliases for *md5* and *sha1* respectively.
author	Andrey Andreev <narf@devilix.net>	2022-01-05 22:46:50 +0100
committer	Andrey Andreev <narf@devilix.net>	2022-01-05 22:46:50 +0100
commit	25ae2a3c0a8f20098181e20d55a61c0c42559ee9 (patch)
tree	8d1f419a67784bc4c9771ed04a9289dae1986b5f /user_guide_src
parent	b8ad8411998b028f829db4231b3ef1db0eef8813 (diff)