Changeset 36886
- Timestamp:
- 03/08/2016 05:14:52 PM (8 years ago)
- Location:
- trunk/src/wp-includes/random_compat
- Files:
-
- 10 edited
-
byte_safe_strings.php (modified) (8 diffs)
-
cast_to_int.php (modified) (2 diffs)
-
random.php (modified) (10 diffs)
-
random_bytes_com_dotnet.php (modified) (3 diffs)
-
random_bytes_dev_urandom.php (modified) (6 diffs)
-
random_bytes_libsodium.php (modified) (2 diffs)
-
random_bytes_libsodium_legacy.php (modified) (2 diffs)
-
random_bytes_mcrypt.php (modified) (2 diffs)
-
random_bytes_openssl.php (modified) (3 diffs)
-
random_int.php (modified) (5 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/random_compat/byte_safe_strings.php
r35365 r36886 51 51 ); 52 52 } 53 53 54 return mb_strlen($binary_string, '8bit'); 54 55 } 56 55 57 } else { 56 58 /** … … 78 80 79 81 if (!function_exists('RandomCompat_substr')) { 82 80 83 if ( 81 defined('MB_OVERLOAD_STRING') && 84 defined('MB_OVERLOAD_STRING') 85 && 82 86 ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING 83 87 ) { … … 103 107 ); 104 108 } 109 105 110 if (!is_int($start)) { 106 111 throw new TypeError( … … 108 113 ); 109 114 } 115 110 116 if ($length === null) { 111 117 /** … … 119 125 ); 120 126 } 127 121 128 return mb_substr($binary_string, $start, $length, '8bit'); 122 129 } 130 123 131 } else { 132 124 133 /** 125 134 * substr() implementation that isn't brittle to mbstring.func_overload … … 142 151 ); 143 152 } 153 144 154 if (!is_int($start)) { 145 155 throw new TypeError( … … 147 157 ); 148 158 } 159 149 160 if ($length !== null) { 150 161 if (!is_int($length)) { … … 153 164 ); 154 165 } 166 155 167 return substr($binary_string, $start, $length); 156 168 } 169 157 170 return substr($binary_string, $start); 158 171 } -
trunk/src/wp-includes/random_compat/cast_to_int.php
r35365 r36886 38 38 * through. 39 39 * 40 * @param numeric $numberThe number we want to convert to an int41 * @param boolean $fail_open Set to true to not throw an exception40 * @param int|float $number The number we want to convert to an int 41 * @param boolean $fail_open Set to true to not throw an exception 42 42 * 43 43 * @return int (or float if $fail_open) 44 * 45 * @throws TypeError 44 46 */ 45 47 function RandomCompat_intval($number, $fail_open = false) … … 48 50 $number += 0; 49 51 } 52 50 53 if ( 51 is_float($number) && 52 $number > ~PHP_INT_MAX && 54 is_float($number) 55 && 56 $number > ~PHP_INT_MAX 57 && 53 58 $number < PHP_INT_MAX 54 59 ) { 55 60 $number = (int) $number; 56 61 } 62 57 63 if (is_int($number) || $fail_open) { 58 64 return $number; 59 65 } 66 60 67 throw new TypeError( 61 68 'Expected an integer.' -
trunk/src/wp-includes/random_compat/random.php
r36421 r36886 1 1 <?php 2 2 /** 3 * Random_* Compatibility Library 3 * Random_* Compatibility Library 4 4 * for using the new PHP 7 random_* API in PHP 5 projects 5 * 5 * 6 * @version 1.2.1 7 * @released 2016-02-29 8 * 6 9 * The MIT License (MIT) 7 * 10 * 8 11 * Copyright (c) 2015 Paragon Initiative Enterprises 9 * 12 * 10 13 * Permission is hereby granted, free of charge, to any person obtaining a copy 11 14 * of this software and associated documentation files (the "Software"), to deal … … 14 17 * copies of the Software, and to permit persons to whom the Software is 15 18 * furnished to do so, subject to the following conditions: 16 * 19 * 17 20 * The above copyright notice and this permission notice shall be included in 18 21 * all copies or substantial portions of the Software. 19 * 22 * 20 23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 21 24 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, … … 30 33 // This constant was introduced in PHP 5.2.7 31 34 $RandomCompatversion = explode('.', PHP_VERSION); 32 define('PHP_VERSION_ID', ($RandomCompatversion[0] * 10000 + $RandomCompatversion[1] * 100 + $RandomCompatversion[2])); 35 define( 36 'PHP_VERSION_ID', 37 $RandomCompatversion[0] * 10000 38 + $RandomCompatversion[1] * 100 39 + $RandomCompatversion[2] 40 ); 33 41 $RandomCompatversion = null; 34 42 } 43 35 44 if (PHP_VERSION_ID < 70000) { 45 36 46 if (!defined('RANDOM_COMPAT_READ_BUFFER')) { 37 47 define('RANDOM_COMPAT_READ_BUFFER', 8); 38 48 } 49 39 50 $RandomCompatDIR = dirname(__FILE__); 51 40 52 require_once $RandomCompatDIR.'/byte_safe_strings.php'; 41 53 require_once $RandomCompatDIR.'/cast_to_int.php'; 42 54 require_once $RandomCompatDIR.'/error_polyfill.php'; 55 43 56 if (!function_exists('random_bytes')) { 44 57 /** 45 58 * PHP 5.2.0 - 5.6.x way to implement random_bytes() 46 * 59 * 47 60 * We use conditional statements here to define the function in accordance 48 61 * to the operating environment. It's a micro-optimization. 49 * 62 * 50 63 * In order of preference: 51 64 * 1. Use libsodium if available. … … 54 67 * 4. COM('CAPICOM.Utilities.1')->GetRandom() 55 68 * 5. openssl_random_pseudo_bytes() (absolute last resort) 56 * 69 * 57 70 * See ERRATA.md for our reasoning behind this particular order 58 71 */ … … 65 78 } 66 79 } 80 67 81 /** 68 82 * Reading directly from /dev/urandom: … … 73 87 $RandomCompatUrandom = true; 74 88 $RandomCompat_basedir = ini_get('open_basedir'); 89 75 90 if (!empty($RandomCompat_basedir)) { 76 91 $RandomCompat_open_basedir = explode( … … 84 99 $RandomCompat_open_basedir = null; 85 100 } 101 86 102 if ( 87 !function_exists('random_bytes') && 88 $RandomCompatUrandom && 103 !function_exists('random_bytes') 104 && 105 $RandomCompatUrandom 106 && 89 107 @is_readable('/dev/urandom') 90 108 ) { 91 109 // Error suppression on is_readable() in case of an open_basedir 92 110 // or safe_mode failure. All we care about is whether or not we 93 // can read it at this point. If the PHP environment is going to 94 // panic over trying to see if the file can be read in the first 111 // can read it at this point. If the PHP environment is going to 112 // panic over trying to see if the file can be read in the first 95 113 // place, that is not helpful to us here. 96 114 … … 99 117 } 100 118 // Unset variables after use 119 $RandomCompat_basedir = null; 101 120 $RandomCompatUrandom = null; 102 $RandomCompat_basedir = null; 103 } 104 121 } 122 105 123 /** 106 124 * mcrypt_create_iv() 107 125 */ 108 126 if ( 109 !function_exists('random_bytes') && 110 PHP_VERSION_ID >= 50307 && 127 !function_exists('random_bytes') 128 && 129 PHP_VERSION_ID >= 50307 130 && 111 131 extension_loaded('mcrypt') 112 132 ) { 113 // See random_bytes_mcrypt.php 114 require_once $RandomCompatDIR.'/random_bytes_mcrypt.php'; 115 } 133 // Prevent this code from hanging indefinitely on non-Windows; 134 // see https://bugs.php.net/bug.php?id=69833 135 if ( 136 DIRECTORY_SEPARATOR !== '/' || 137 (PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613) 138 ) { 139 // See random_bytes_mcrypt.php 140 require_once $RandomCompatDIR.'/random_bytes_mcrypt.php'; 141 } 142 } 143 116 144 if ( 117 !function_exists('random_bytes') && 118 extension_loaded('com_dotnet') && 145 !function_exists('random_bytes') 146 && 147 extension_loaded('com_dotnet') 148 && 119 149 class_exists('COM') 120 150 ) { 121 151 $RandomCompat_disabled_classes = preg_split( 122 '#\s*,\s*#', 152 '#\s*,\s*#', 123 153 strtolower(ini_get('disable_classes')) 124 154 ); 125 155 126 156 if (!in_array('com', $RandomCompat_disabled_classes)) { 127 157 try { … … 138 168 $RandomCompatCOMtest = null; 139 169 } 140 170 141 171 /** 142 172 * openssl_random_pseudo_bytes() 143 173 */ 144 174 if ( 145 !function_exists('random_bytes') &&146 extension_loaded('openssl') &&147 175 ( 148 176 // Unix-like with PHP >= 5.3.0 or 149 177 ( 150 DIRECTORY_SEPARATOR === '/' && 178 DIRECTORY_SEPARATOR === '/' 179 && 151 180 PHP_VERSION_ID >= 50300 152 ) || 181 ) 182 || 153 183 // Windows with PHP >= 5.4.1 154 184 PHP_VERSION_ID >= 50401 155 185 ) 186 && 187 !function_exists('random_bytes') 188 && 189 extension_loaded('openssl') 156 190 ) { 157 191 // See random_bytes_openssl.php 158 192 require_once $RandomCompatDIR.'/random_bytes_openssl.php'; 159 193 } 160 194 161 195 /** 162 196 * throw new Exception … … 175 209 } 176 210 } 211 177 212 if (!function_exists('random_int')) { 178 213 require_once $RandomCompatDIR.'/random_int.php'; 179 214 } 215 180 216 $RandomCompatDIR = null; 181 217 } -
trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php
r35600 r36886 47 47 ); 48 48 } 49 49 50 if ($bytes < 1) { 50 51 throw new Error( … … 52 53 ); 53 54 } 55 54 56 $buf = ''; 55 57 $util = new COM('CAPICOM.Utilities.1'); 56 58 $execCount = 0; 59 57 60 /** 58 61 * Let's not let it loop forever. If we run N times and fail to … … 69 72 ++$execCount; 70 73 } while ($execCount < $bytes); 74 71 75 /** 72 76 * If we reach here, PHP has failed us. -
trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php
r35922 r36886 63 63 } 64 64 } 65 65 66 if (!empty($fp)) { 66 67 /** … … 80 81 } 81 82 } 83 82 84 try { 83 85 $bytes = RandomCompat_intval($bytes); … … 87 89 ); 88 90 } 91 89 92 if ($bytes < 1) { 90 93 throw new Error( … … 92 95 ); 93 96 } 97 94 98 /** 95 99 * This if() block only runs if we managed to open a file handle … … 102 106 $remaining = $bytes; 103 107 $buf = ''; 108 104 109 /** 105 110 * We use fread() in a loop to protect against partial reads … … 134 139 } 135 140 } 141 136 142 /** 137 143 * If we reach here, PHP has failed us. -
trunk/src/wp-includes/random_compat/random_bytes_libsodium.php
r35600 r36886 49 49 ); 50 50 } 51 51 52 if ($bytes < 1) { 52 53 throw new Error( … … 54 55 ); 55 56 } 57 56 58 /** 57 59 * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be -
trunk/src/wp-includes/random_compat/random_bytes_libsodium_legacy.php
r36220 r36886 49 49 ); 50 50 } 51 51 52 if ($bytes < 1) { 52 53 throw new Error( … … 54 55 ); 55 56 } 57 56 58 /** 57 59 * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be -
trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php
r35600 r36886 49 49 ); 50 50 } 51 51 52 if ($bytes < 1) { 52 53 throw new Error( … … 56 57 57 58 $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM); 58 if ($buf !== false) { 59 if (RandomCompat_strlen($buf) === $bytes) { 60 /** 61 * Return our random entropy buffer here: 62 */ 63 return $buf; 64 } 59 if ( 60 $buf !== false 61 && 62 RandomCompat_strlen($buf) === $bytes 63 ) { 64 /** 65 * Return our random entropy buffer here: 66 */ 67 return $buf; 65 68 } 69 66 70 /** 67 71 * If we reach here, PHP has failed us. -
trunk/src/wp-includes/random_compat/random_bytes_openssl.php
r35600 r36886 49 49 ); 50 50 } 51 51 52 if ($bytes < 1) { 52 53 throw new Error( … … 54 55 ); 55 56 } 56 $secure = true; 57 57 58 /** 58 59 * $secure is passed by reference. If it's set to false, fail. Note … … 62 63 * @ref https://github.com/paragonie/random_compat/issues/6#issuecomment-119564973 63 64 */ 65 $secure = true; 64 66 $buf = openssl_random_pseudo_bytes($bytes, $secure); 65 if ($buf !== false && $secure) { 66 if (RandomCompat_strlen($buf) === $bytes) { 67 return $buf; 68 } 67 if ( 68 $buf !== false 69 && 70 $secure 71 && 72 RandomCompat_strlen($buf) === $bytes 73 ) { 74 return $buf; 69 75 } 76 70 77 /** 71 78 * If we reach here, PHP has failed us. -
trunk/src/wp-includes/random_compat/random_int.php
r35365 r36886 56 56 ); 57 57 } 58 58 59 try { 59 60 $max = RandomCompat_intval($max); … … 74 75 ); 75 76 } 77 76 78 if ($max === $min) { 77 79 return $min; … … 99 101 */ 100 102 if (!is_int($range)) { 103 101 104 /** 102 105 * Still safely calculate wider ranges. … … 112 115 $bytes = PHP_INT_SIZE; 113 116 $mask = ~0; 117 114 118 } else { 119 115 120 /** 116 121 * $bits is effectively ceil(log($range, 2)) without dealing with … … 182 187 */ 183 188 } while (!is_int($val) || $val > $max || $val < $min); 189 184 190 return (int) $val; 185 191 }
Note: See TracChangeset
for help on using the changeset viewer.