Make WordPress Core

Changeset 52742


Ignore:
Timestamp:
02/16/2022 09:17:04 PM (3 years ago)
Author:
SergeyBiryukov
Message:

External Libraries: Update random_compat to version 2.0.21.

The latest release includes improved compatibility with PHP 8.1, as well as some bug fixes for Windows platforms.

Release notes:
https://github.com/paragonie/random_compat/releases/tag/v2.0.21

For a full list of changes in this update, see the random_compat GitHub:
https://github.com/paragonie/random_compat/compare/v2.0.11...v2.0.21

Follow-up to [42130].

Props jrf, paragoninitiativeenterprises.
Fixes #55181.

Location:
trunk/src/wp-includes/random_compat
Files:
10 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/random_compat/byte_safe_strings.php

    r46586 r52742  
    66 * The MIT License (MIT)
    77 *
    8  * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
     8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
    99 *
    1010 * Permission is hereby granted, free of charge, to any person obtaining a copy
     
    2929if (!is_callable('RandomCompat_strlen')) {
    3030    if (
    31         defined('MB_OVERLOAD_STRING') &&
    32         ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
     31        defined('MB_OVERLOAD_STRING')
     32            &&
     33        ((int) ini_get('mbstring.func_overload')) & MB_OVERLOAD_STRING
    3334    ) {
    3435        /**
     
    8384    if (
    8485        defined('MB_OVERLOAD_STRING')
    85         &&
    86         ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
     86            &&
     87        ((int) ini_get('mbstring.func_overload')) & MB_OVERLOAD_STRING
    8788    ) {
    8889        /**
     
    9495         * @param string $binary_string
    9596         * @param int $start
    96          * @param int $length (optional)
     97         * @param int|null $length (optional)
    9798         *
    9899         * @throws TypeError
     
    119120                 * PHP 5.3, so we have to find the length ourselves.
    120121                 */
     122                /** @var int $length */
    121123                $length = RandomCompat_strlen($binary_string) - $start;
    122124            } elseif (!is_int($length)) {
     
    134136            }
    135137
    136             return (string) mb_substr($binary_string, $start, $length, '8bit');
     138            return (string) mb_substr(
     139                (string) $binary_string,
     140                (int) $start,
     141                (int) $length,
     142                '8bit'
     143            );
    137144        }
    138145
     
    146153         * @param string $binary_string
    147154         * @param int $start
    148          * @param int $length (optional)
     155         * @param int|null $length (optional)
    149156         *
    150157         * @throws TypeError
     
    173180                }
    174181
    175                 return (string) substr($binary_string, $start, $length);
     182                return (string) substr(
     183                    (string )$binary_string,
     184                    (int) $start,
     185                    (int) $length
     186                );
    176187            }
    177188
    178             return (string) substr($binary_string, $start);
     189            return (string) substr(
     190                (string) $binary_string,
     191                (int) $start
     192            );
    179193        }
    180194    }
  • trunk/src/wp-includes/random_compat/cast_to_int.php

    r46586 r52742  
    66 * The MIT License (MIT)
    77 *
    8  * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
     8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
    99 *
    1010 * Permission is hereby granted, free of charge, to any person obtaining a copy
     
    2828
    2929if (!is_callable('RandomCompat_intval')) {
    30    
     30
    3131    /**
    3232     * Cast to an integer if we can, safely.
    33      * 
     33     *
    3434     * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
    3535     * (non-inclusive), it will sanely cast it to an int. If you it's equal to
     
    3737     * lose precision, so the <= and => operators might accidentally let a float
    3838     * through.
    39      * 
     39     *
    4040     * @param int|float $number    The number we want to convert to an int
    4141     * @param bool      $fail_open Set to true to not throw an exception
    42      * 
     42     *
    4343     * @return float|int
    4444     * @psalm-suppress InvalidReturnType
     
    5151            $number += 0;
    5252        } elseif (is_numeric($number)) {
     53            /** @psalm-suppress InvalidOperand */
    5354            $number += 0;
    5455        }
     56        /** @var int|float $number */
    5557
    5658        if (
    5759            is_float($number)
    58             &&
     60                &&
    5961            $number > ~PHP_INT_MAX
    60             &&
     62                &&
    6163            $number < PHP_INT_MAX
    6264        ) {
  • trunk/src/wp-includes/random_compat/error_polyfill.php

    r46586 r52742  
    11<?php
    22/**
    3  * Random_* Compatibility Library 
     3 * Random_* Compatibility Library
    44 * for using the new PHP 7 random_* API in PHP 5 projects
    5  * 
     5 *
    66 * The MIT License (MIT)
    77 *
    8  * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
    9  * 
     8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
     9 *
    1010 * Permission is hereby granted, free of charge, to any person obtaining a copy
    1111 * of this software and associated documentation files (the "Software"), to deal
     
    3131    class Error extends Exception
    3232    {
    33        
     33
    3434    }
    3535}
     
    3939        class TypeError extends Error
    4040        {
    41            
     41
    4242        }
    4343    } else {
    4444        class TypeError extends Exception
    4545        {
    46            
     46
    4747        }
    4848    }
  • trunk/src/wp-includes/random_compat/random.php

    r46586 r52742  
    44 * for using the new PHP 7 random_* API in PHP 5 projects
    55 *
    6  * @version 2.0.10
    7  * @released 2017-03-13
     6 * @version 2.0.17
     7 * @released 2018-07-04
    88 *
    99 * The MIT License (MIT)
    1010 *
    11  * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
     11 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
    1212 *
    1313 * Permission is hereby granted, free of charge, to any person obtaining a copy
     
    5555$RandomCompatDIR = dirname(__FILE__);
    5656
    57 require_once $RandomCompatDIR . '/byte_safe_strings.php';
    58 require_once $RandomCompatDIR . '/cast_to_int.php';
    59 require_once $RandomCompatDIR . '/error_polyfill.php';
     57require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'byte_safe_strings.php';
     58require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'cast_to_int.php';
     59require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'error_polyfill.php';
    6060
    6161if (!is_callable('random_bytes')) {
     
    7777        // See random_bytes_libsodium.php
    7878        if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) {
    79             require_once $RandomCompatDIR . '/random_bytes_libsodium.php';
     79            require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_libsodium.php';
    8080        } elseif (method_exists('Sodium', 'randombytes_buf')) {
    81             require_once $RandomCompatDIR . '/random_bytes_libsodium_legacy.php';
     81            require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_libsodium_legacy.php';
    8282        }
    8383    }
     
    118118
    119119            // See random_bytes_dev_urandom.php
    120             require_once $RandomCompatDIR . '/random_bytes_dev_urandom.php';
     120            require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_dev_urandom.php';
    121121        }
    122122        // Unset variables after use
     
    160160    ) {
    161161        // See random_bytes_mcrypt.php
    162         require_once $RandomCompatDIR . '/random_bytes_mcrypt.php';
     162        require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_mcrypt.php';
    163163    }
    164164    $RandomCompatUrandom = null;
     
    183183            try {
    184184                $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
    185                 if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
     185                /** @psalm-suppress TypeDoesNotContainType */
     186                if (is_callable(array($RandomCompatCOMtest, 'GetRandom'))) {
    186187                    // See random_bytes_com_dotnet.php
    187                     require_once $RandomCompatDIR . '/random_bytes_com_dotnet.php';
     188                    require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_com_dotnet.php';
    188189                }
    189190            } catch (com_exception $e) {
     
    204205         *
    205206         * @param mixed $length
    206          * @return void
     207         * @psalm-suppress InvalidReturnType
    207208         * @throws Exception
     209         * @return string
    208210         */
    209211        function random_bytes($length)
     
    213215                'There is no suitable CSPRNG installed on your system'
    214216            );
     217            return '';
    215218        }
    216219    }
     
    218221
    219222if (!is_callable('random_int')) {
    220     require_once $RandomCompatDIR . '/random_int.php';
     223    require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_int.php';
    221224}
    222225
  • trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php

    r46586 r52742  
    11<?php
    22/**
    3  * Random_* Compatibility Library 
     3 * Random_* Compatibility Library
    44 * for using the new PHP 7 random_* API in PHP 5 projects
    5  * 
     5 *
    66 * The MIT License (MIT)
    7  * 
    8  * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
    9  * 
     7 *
     8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
     9 *
    1010 * Permission is hereby granted, free of charge, to any person obtaining a copy
    1111 * of this software and associated documentation files (the "Software"), to deal
     
    1414 * copies of the Software, and to permit persons to whom the Software is
    1515 * furnished to do so, subject to the following conditions:
    16  * 
     16 *
    1717 * The above copyright notice and this permission notice shall be included in
    1818 * all copies or substantial portions of the Software.
    19  * 
     19 *
    2020 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    2121 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
     
    4242    {
    4343        try {
     44            /** @var int $bytes */
    4445            $bytes = RandomCompat_intval($bytes);
    4546        } catch (TypeError $ex) {
     
    5556        }
    5657
     58        /** @var string $buf */
    5759        $buf = '';
    5860        if (!class_exists('COM')) {
     
    6163            );
    6264        }
     65        /** @var COM $util */
    6366        $util = new COM('CAPICOM.Utilities.1');
    6467        $execCount = 0;
     
    6972         */
    7073        do {
    71             $buf .= base64_decode($util->GetRandom($bytes, 0));
     74            $buf .= base64_decode((string) $util->GetRandom($bytes, 0));
    7275            if (RandomCompat_strlen($buf) >= $bytes) {
    7376                /**
    7477                 * Return our random entropy buffer here:
    7578                 */
    76                 return RandomCompat_substr($buf, 0, $bytes);
     79                return (string) RandomCompat_substr($buf, 0, $bytes);
    7780            }
    7881            ++$execCount;
  • trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php

    r46586 r52742  
    11<?php
    22/**
    3  * Random_* Compatibility Library 
     3 * Random_* Compatibility Library
    44 * for using the new PHP 7 random_* API in PHP 5 projects
    5  * 
     5 *
    66 * The MIT License (MIT)
    77 *
    8  * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
    9  * 
     8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
     9 *
    1010 * Permission is hereby granted, free of charge, to any person obtaining a copy
    1111 * of this software and associated documentation files (the "Software"), to deal
     
    1414 * copies of the Software, and to permit persons to whom the Software is
    1515 * furnished to do so, subject to the following conditions:
    16  * 
     16 *
    1717 * The above copyright notice and this permission notice shall be included in
    1818 * all copies or substantial portions of the Software.
    19  * 
     19 *
    2020 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    2121 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
     
    3737     *
    3838     * Why we use /dev/urandom and not /dev/random
     39     * @ref https://www.2uo.de/myths-about-urandom
    3940     * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
    4041     *
     
    4748    function random_bytes($bytes)
    4849    {
     50        /** @var resource $fp */
    4951        static $fp = null;
     52
    5053        /**
    5154         * This block should only be run once
     
    5356        if (empty($fp)) {
    5457            /**
    55              * We use /dev/urandom if it is a char device.
    56              * We never fall back to /dev/random
     58             * We don't want to ever read C:\dev\random, only /dev/urandom on
     59             * Unix-like operating systems. While we guard against this
     60             * condition in random.php, it doesn't hurt to be defensive in depth
     61             * here.
     62             *
     63             * To that end, we only try to open /dev/urandom if we're on a Unix-
     64             * like operating system (which means the directory separator is set
     65             * to "/" not "\".
    5766             */
    58             $fp = fopen('/dev/urandom', 'rb');
    59             if (!empty($fp)) {
    60                 $st = fstat($fp);
    61                 if (($st['mode'] & 0170000) !== 020000) {
    62                     fclose($fp);
    63                     $fp = false;
     67            if (DIRECTORY_SEPARATOR === '/') {
     68                if (!is_readable('/dev/urandom')) {
     69                    throw new Exception(
     70                        'Environment misconfiguration: ' .
     71                        '/dev/urandom cannot be read.'
     72                    );
     73                }
     74                /**
     75                 * We use /dev/urandom if it is a char device.
     76                 * We never fall back to /dev/random
     77                 */
     78                /** @var resource|bool $fp */
     79                $fp = fopen('/dev/urandom', 'rb');
     80                if (is_resource($fp)) {
     81                    /** @var array<string, int> $st */
     82                    $st = fstat($fp);
     83                    if (($st['mode'] & 0170000) !== 020000) {
     84                        fclose($fp);
     85                        $fp = false;
     86                    }
    6487                }
    6588            }
    6689
    67             if (!empty($fp)) {
     90            if (is_resource($fp)) {
    6891                /**
    6992                 * stream_set_read_buffer() does not exist in HHVM
     
    84107
    85108        try {
     109            /** @var int $bytes */
    86110            $bytes = RandomCompat_intval($bytes);
    87111        } catch (TypeError $ex) {
     
    104128         * page load.
    105129         */
    106         if (!empty($fp)) {
     130        if (is_resource($fp)) {
    107131            /**
    108132             * @var int
     
    124148                $read = fread($fp, $remaining);
    125149                if (!is_string($read)) {
    126                     if ($read === false) {
    127                         /**
    128                          * We cannot safely read from the file. Exit the
    129                          * do-while loop and trigger the exception condition
    130                          *
    131                          * @var string|bool
    132                          */
    133                         $buf = false;
    134                         break;
    135                     }
     150                    /**
     151                     * We cannot safely read from the file. Exit the
     152                     * do-while loop and trigger the exception condition
     153                     *
     154                     * @var string|bool
     155                     */
     156                    $buf = false;
     157                    break;
    136158                }
    137159                /**
     
    140162                $remaining -= RandomCompat_strlen($read);
    141163                /**
    142                  * @var string|bool
     164                 * @var string $buf
    143165                 */
    144                 $buf = $buf . $read;
     166                $buf .= $read;
    145167            } while ($remaining > 0);
    146168
    147169            /**
    148170             * Is our result valid?
     171             * @var string|bool $buf
    149172             */
    150173            if (is_string($buf)) {
  • trunk/src/wp-includes/random_compat/random_bytes_libsodium.php

    r46586 r52742  
    11<?php
    22/**
    3  * Random_* Compatibility Library 
     3 * Random_* Compatibility Library
    44 * for using the new PHP 7 random_* API in PHP 5 projects
    5  * 
     5 *
    66 * The MIT License (MIT)
    77 *
    8  * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
    9  * 
     8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
     9 *
    1010 * Permission is hereby granted, free of charge, to any person obtaining a copy
    1111 * of this software and associated documentation files (the "Software"), to deal
     
    1414 * copies of the Software, and to permit persons to whom the Software is
    1515 * furnished to do so, subject to the following conditions:
    16  * 
     16 *
    1717 * The above copyright notice and this permission notice shall be included in
    1818 * all copies or substantial portions of the Software.
    19  * 
     19 *
    2020 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    2121 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
     
    4444    {
    4545        try {
     46            /** @var int $bytes */
    4647            $bytes = RandomCompat_intval($bytes);
    4748        } catch (TypeError $ex) {
     
    6162         * generated in one invocation.
    6263         */
     64        /** @var string|bool $buf */
    6365        if ($bytes > 2147483647) {
    6466            $buf = '';
     
    7072            }
    7173        } else {
     74            /** @var string|bool $buf */
    7275            $buf = \Sodium\randombytes_buf($bytes);
    7376        }
    7477
    75         if ($buf !== false) {
     78        if (is_string($buf)) {
    7679            if (RandomCompat_strlen($buf) === $bytes) {
    7780                return $buf;
  • trunk/src/wp-includes/random_compat/random_bytes_libsodium_legacy.php

    r46586 r52742  
    11<?php
    22/**
    3  * Random_* Compatibility Library 
     3 * Random_* Compatibility Library
    44 * for using the new PHP 7 random_* API in PHP 5 projects
    5  * 
     5 *
    66 * The MIT License (MIT)
    77 *
    8  * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
    9  * 
     8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
     9 *
    1010 * Permission is hereby granted, free of charge, to any person obtaining a copy
    1111 * of this software and associated documentation files (the "Software"), to deal
     
    1414 * copies of the Software, and to permit persons to whom the Software is
    1515 * furnished to do so, subject to the following conditions:
    16  * 
     16 *
    1717 * The above copyright notice and this permission notice shall be included in
    1818 * all copies or substantial portions of the Software.
    19  * 
     19 *
    2020 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    2121 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
     
    4444    {
    4545        try {
     46            /** @var int $bytes */
    4647            $bytes = RandomCompat_intval($bytes);
    4748        } catch (TypeError $ex) {
  • trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php

    r46586 r52742  
    11<?php
    22/**
    3  * Random_* Compatibility Library 
     3 * Random_* Compatibility Library
    44 * for using the new PHP 7 random_* API in PHP 5 projects
    5  * 
     5 *
    66 * The MIT License (MIT)
    77 *
    8  * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
    9  * 
     8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
     9 *
    1010 * Permission is hereby granted, free of charge, to any person obtaining a copy
    1111 * of this software and associated documentation files (the "Software"), to deal
     
    1414 * copies of the Software, and to permit persons to whom the Software is
    1515 * furnished to do so, subject to the following conditions:
    16  * 
     16 *
    1717 * The above copyright notice and this permission notice shall be included in
    1818 * all copies or substantial portions of the Software.
    19  * 
     19 *
    2020 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    2121 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
     
    4343    {
    4444        try {
     45            /** @var int $bytes */
    4546            $bytes = RandomCompat_intval($bytes);
    4647        } catch (TypeError $ex) {
     
    5657        }
    5758
    58         $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
     59        /** @var string|bool $buf */
     60        $buf = @mcrypt_create_iv((int) $bytes, (int) MCRYPT_DEV_URANDOM);
    5961        if (
    60             $buf !== false
    61             &&
     62            is_string($buf)
     63                &&
    6264            RandomCompat_strlen($buf) === $bytes
    6365        ) {
  • trunk/src/wp-includes/random_compat/random_int.php

    r46586 r52742  
    88     * The MIT License (MIT)
    99     *
    10      * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
     10     * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
    1111     *
    1212     * Permission is hereby granted, free of charge, to any person obtaining a copy
     
    5252
    5353        try {
     54            /** @var int $min */
    5455            $min = RandomCompat_intval($min);
    5556        } catch (TypeError $ex) {
     
    6061
    6162        try {
     63            /** @var int $max */
    6264            $max = RandomCompat_intval($max);
    6365        } catch (TypeError $ex) {
     
    9193         */
    9294        $attempts = $bits = $bytes = $mask = $valueShift = 0;
     95        /** @var int $attempts */
     96        /** @var int $bits */
     97        /** @var int $bytes */
     98        /** @var int $mask */
     99        /** @var int $valueShift */
    93100
    94101        /**
     
    96103         * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
    97104         * a float and we will lose some precision.
     105         *
     106         * @var int|float $range
    98107         */
    99108        $range = $max - $min;
     
    116125             */
    117126            $bytes = PHP_INT_SIZE;
     127            /** @var int $mask */
    118128            $mask = ~0;
    119129
     
    130140                ++$bits;
    131141                $range >>= 1;
     142                /** @var int $mask */
    132143                $mask = $mask << 1 | 1;
    133144            }
     
    135146        }
    136147
     148        /** @var int $val */
    137149        $val = 0;
    138150        /**
     
    140152         * random integers until one falls between $min and $max
    141153         */
     154        /** @psalm-suppress RedundantCondition */
    142155        do {
    143156            /**
     
    170183                $val |= ord($randomByteString[$i]) << ($i * 8);
    171184            }
     185            /** @var int $val */
    172186
    173187            /**
Note: See TracChangeset for help on using the changeset viewer.