Changeset 36421

Timestamp:

01/30/2016 12:56:07 AM (9 years ago)

Author:

dd32

Message:

Update Random_Compat to the latest version (1.1.6).

See #35665

File:

• trunk/src/wp-includes/random_compat/random.php (modified) (5 diffs)

trunk/src/wp-includes/random_compat/random.php

@@ -51 +51 @@
          *   1. Use libsodium if available.
          *   2. fread() /dev/urandom if available (never on Windows)
-         *   3. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)
+         *   3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
          *   4. COM('CAPICOM.Utilities.1')->GetRandom()
          *   5. openssl_random_pseudo_bytes() (absolute last resort)
@@ -65 +65 @@
             }
         }
-        if (
-            !function_exists('random_bytes') && 
-            DIRECTORY_SEPARATOR === '/' &&
-            @is_readable('/dev/urandom')
-        ) {
+        /**
+         * Reading directly from /dev/urandom:
+         */
+        if (DIRECTORY_SEPARATOR === '/') {
             // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
             // way to exclude Windows.
-            // 
-            // Error suppression on is_readable() in case of an open_basedir or 
-            // safe_mode failure. All we care about is whether or not we can 
-            // read it at this point. If the PHP environment is going to panic 
-            // over trying to see if the file can be read in the first place,
-            // that is not helpful to us here.
-            
-            // See random_bytes_dev_urandom.php
+            $RandomCompatUrandom = true;
+            $RandomCompat_basedir = ini_get('open_basedir');
+            if (!empty($RandomCompat_basedir)) {
+                $RandomCompat_open_basedir = explode(
+                    PATH_SEPARATOR,
+                    strtolower($RandomCompat_basedir)
+                );
+                $RandomCompatUrandom = in_array(
+                    '/dev',
+                    $RandomCompat_open_basedir
+                );
+                $RandomCompat_open_basedir = null;
+            }
+            if (
+                !function_exists('random_bytes') && 
+                $RandomCompatUrandom &&
+                @is_readable('/dev/urandom')
+            ) {
+                // Error suppression on is_readable() in case of an open_basedir
+                // or safe_mode failure. All we care about is whether or not we
+                // can read it at this point. If the PHP environment is going to 
+                // panic over trying to see if the file can be read in the first 
+                // place, that is not helpful to us here.
+
+                // See random_bytes_dev_urandom.php
                 require_once $RandomCompatDIR.'/random_bytes_dev_urandom.php';
             }
+            // Unset variables after use
+            $RandomCompatUrandom = null;
+            $RandomCompat_basedir = null;
+        }
+        
+        /**
+         * mcrypt_create_iv()
+         */
         if (
             !function_exists('random_bytes') &&
@@ -114 +138 @@
             $RandomCompatCOMtest = null;
         }
+        
+        /**
+         * openssl_random_pseudo_bytes()
+         */
         if (
             !function_exists('random_bytes') && 
@@ -130 +158 @@
             require_once $RandomCompatDIR.'/random_bytes_openssl.php';
         }
+        
+        /**
+         * throw new Exception
+         */
         if (!function_exists('random_bytes')) {
             /**
@@ -135 +167 @@
              * and hope the developer won't let it fail silently.
              */
-            function random_bytes()
+            function random_bytes($length)
             {
                 throw new Exception(