it’s computationally, and on the kernel pool, much cheaper than
openssl_random_pseudo_bytes() which initialises the OpenSSL pool,
which eats more bytes from the kernel pool
function util_mkdtemp($suffix = '', $prefix = 'tmp') {
$tempdir = sys_get_temp_dir();
for ($i=0; $i<5; $i++) {
- $id = strtr(base64_encode(openssl_random_pseudo_bytes(6)), '+/', '-_');
+ $id = strtr(base64_encode(util_randbytes(6)), '+/', '-_');
$path = "{$tempdir}/{$prefix}{$id}{$suffix}";
if (mkdir($path, 0700)) {
return $path;