Changeset 52742
- Timestamp:
- 02/16/2022 09:17:04 PM (3 years ago)
- Location:
- trunk/src/wp-includes/random_compat
- Files:
-
- 10 edited
trunk/src/wp-includes/random_compat/byte_safe_strings.php
r46586 r52742 6 6 * The MIT License (MIT) 7 7 * 8 * Copyright (c) 2015 - 201 7Paragon Initiative Enterprises8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises 9 9 * 10 10 * Permission is hereby granted, free of charge, to any person obtaining a copy … … 29 29 if (!is_callable('RandomCompat_strlen')) { 30 30 if ( 31 defined('MB_OVERLOAD_STRING') && 32 ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING 31 defined('MB_OVERLOAD_STRING') 32 && 33 ((int) ini_get('mbstring.func_overload')) & MB_OVERLOAD_STRING 33 34 ) { 34 35 /** … … 83 84 if ( 84 85 defined('MB_OVERLOAD_STRING') 85 &&86 ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING86 && 87 ((int) ini_get('mbstring.func_overload')) & MB_OVERLOAD_STRING 87 88 ) { 88 89 /** … … 94 95 * @param string $binary_string 95 96 * @param int $start 96 * @param int $length (optional)97 * @param int|null $length (optional) 97 98 * 98 99 * @throws TypeError … … 119 120 * PHP 5.3, so we have to find the length ourselves. 120 121 */ 122 /** @var int $length */ 121 123 $length = RandomCompat_strlen($binary_string) - $start; 122 124 } elseif (!is_int($length)) { … … 134 136 } 135 137 136 return (string) mb_substr($binary_string, $start, $length, '8bit'); 138 return (string) mb_substr( 139 (string) $binary_string, 140 (int) $start, 141 (int) $length, 142 '8bit' 143 ); 137 144 } 138 145 … … 146 153 * @param string $binary_string 147 154 * @param int $start 148 * @param int $length (optional)155 * @param int|null $length (optional) 149 156 * 150 157 * @throws TypeError … … 173 180 } 174 181 175 return (string) substr($binary_string, $start, $length); 182 return (string) substr( 183 (string )$binary_string, 184 (int) $start, 185 (int) $length 186 ); 176 187 } 177 188 178 return (string) substr($binary_string, $start); 189 return (string) substr( 190 (string) $binary_string, 191 (int) $start 192 ); 179 193 } 180 194 } -
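Review bot: In the non-mbstring `RandomCompat_substr` at new line 183 the cast is written `(string )$binary_string`, while every other cast added in this section is spelled `(string) $binary_string`. PHP accepts both, but the odd spacing breaks the pattern a reader or a cast-spacing lint rule expects; `(string) $binary_string,` would match the rest. If this directory is meant to stay identical to the upstream library release, the correction belongs upstream rather than in this tree.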
trunk/src/wp-includes/random_compat/cast_to_int.php
r46586 r52742 6 6 * The MIT License (MIT) 7 7 * 8 * Copyright (c) 2015 - 201 7Paragon Initiative Enterprises8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises 9 9 * 10 10 * Permission is hereby granted, free of charge, to any person obtaining a copy … … 28 28 29 29 if (!is_callable('RandomCompat_intval')) { 30 30 31 31 /** 32 32 * Cast to an integer if we can, safely. 33 * 33 * 34 34 * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX) 35 35 * (non-inclusive), it will sanely cast it to an int. If you it's equal to … … 37 37 * lose precision, so the <= and => operators might accidentally let a float 38 38 * through. 39 * 39 * 40 40 * @param int|float $number The number we want to convert to an int 41 41 * @param bool $fail_open Set to true to not throw an exception 42 * 42 * 43 43 * @return float|int 44 44 * @psalm-suppress InvalidReturnType … … 51 51 $number += 0; 52 52 } elseif (is_numeric($number)) { 53 /** @psalm-suppress InvalidOperand */ 53 54 $number += 0; 54 55 } 56 /** @var int|float $number */ 55 57 56 58 if ( 57 59 is_float($number) 58 &&60 && 59 61 $number > ~PHP_INT_MAX 60 &&62 && 61 63 $number < PHP_INT_MAX 62 64 ) { -
trunk/src/wp-includes/random_compat/error_polyfill.php
r46586 r52742 1 1 <?php 2 2 /** 3 * Random_* Compatibility Library 3 * Random_* Compatibility Library 4 4 * for using the new PHP 7 random_* API in PHP 5 projects 5 * 5 * 6 6 * The MIT License (MIT) 7 7 * 8 * Copyright (c) 2015 - 201 7Paragon Initiative Enterprises9 * 8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises 9 * 10 10 * Permission is hereby granted, free of charge, to any person obtaining a copy 11 11 * of this software and associated documentation files (the "Software"), to deal … … 31 31 class Error extends Exception 32 32 { 33 33 34 34 } 35 35 } … … 39 39 class TypeError extends Error 40 40 { 41 41 42 42 } 43 43 } else { 44 44 class TypeError extends Exception 45 45 { 46 46 47 47 } 48 48 } -
trunk/src/wp-includes/random_compat/random.php
r46586 r52742 4 4 * for using the new PHP 7 random_* API in PHP 5 projects 5 5 * 6 * @version 2.0.1 07 * @released 201 7-03-136 * @version 2.0.17 7 * @released 2018-07-04 8 8 * 9 9 * The MIT License (MIT) 10 10 * 11 * Copyright (c) 2015 - 201 7Paragon Initiative Enterprises11 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises 12 12 * 13 13 * Permission is hereby granted, free of charge, to any person obtaining a copy … … 55 55 $RandomCompatDIR = dirname(__FILE__); 56 56 57 require_once $RandomCompatDIR . '/byte_safe_strings.php';58 require_once $RandomCompatDIR . '/cast_to_int.php';59 require_once $RandomCompatDIR . '/error_polyfill.php';57 require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'byte_safe_strings.php'; 58 require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'cast_to_int.php'; 59 require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'error_polyfill.php'; 60 60 61 61 if (!is_callable('random_bytes')) { … … 77 77 // See random_bytes_libsodium.php 78 78 if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) { 79 require_once $RandomCompatDIR . '/random_bytes_libsodium.php';79 require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_libsodium.php'; 80 80 } elseif (method_exists('Sodium', 'randombytes_buf')) { 81 require_once $RandomCompatDIR . '/random_bytes_libsodium_legacy.php';81 require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_libsodium_legacy.php'; 82 82 } 83 83 } … … 118 118 119 119 // See random_bytes_dev_urandom.php 120 require_once $RandomCompatDIR . '/random_bytes_dev_urandom.php';120 require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_dev_urandom.php'; 121 121 } 122 122 // Unset variables after use … … 160 160 ) { 161 161 // See random_bytes_mcrypt.php 162 require_once $RandomCompatDIR . 
'/random_bytes_mcrypt.php';162 require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_mcrypt.php'; 163 163 } 164 164 $RandomCompatUrandom = null; … … 183 183 try { 184 184 $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1'); 185 if (method_exists($RandomCompatCOMtest, 'GetRandom')) { 185 /** @psalm-suppress TypeDoesNotContainType */ 186 if (is_callable(array($RandomCompatCOMtest, 'GetRandom'))) { 186 187 // See random_bytes_com_dotnet.php 187 require_once $RandomCompatDIR . '/random_bytes_com_dotnet.php';188 require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_com_dotnet.php'; 188 189 } 189 190 } catch (com_exception $e) { … … 204 205 * 205 206 * @param mixed $length 206 * @ return void207 * @psalm-suppress InvalidReturnType 207 208 * @throws Exception 209 * @return string 208 210 */ 209 211 function random_bytes($length) … … 213 215 'There is no suitable CSPRNG installed on your system' 214 216 ); 217 return ''; 215 218 } 216 219 } … … 218 221 219 222 if (!is_callable('random_int')) { 220 require_once $RandomCompatDIR . '/random_int.php';223 require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_int.php'; 221 224 } 222 225 -
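Review bot: The last-resort `random_bytes()` now ends with `return '';` at new line 217, directly after the `throw`, and nothing marks that line as unreachable. For a CSPRNG shim an empty string is the worst possible result, so the statement deserves a comment saying it exists only to satisfy the new `@return string` annotation, for example `// Unreachable: kept for static analysis only; this function must always throw.` That keeps a later edit to the `throw` from turning a hard failure into a silently empty result. The start of the function body is elided on this page, so this assumes the `throw` is unconditional.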
trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php
r46586 r52742 1 1 <?php 2 2 /** 3 * Random_* Compatibility Library 3 * Random_* Compatibility Library 4 4 * for using the new PHP 7 random_* API in PHP 5 projects 5 * 5 * 6 6 * The MIT License (MIT) 7 * 8 * Copyright (c) 2015 - 201 7Paragon Initiative Enterprises9 * 7 * 8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises 9 * 10 10 * Permission is hereby granted, free of charge, to any person obtaining a copy 11 11 * of this software and associated documentation files (the "Software"), to deal … … 14 14 * copies of the Software, and to permit persons to whom the Software is 15 15 * furnished to do so, subject to the following conditions: 16 * 16 * 17 17 * The above copyright notice and this permission notice shall be included in 18 18 * all copies or substantial portions of the Software. 19 * 19 * 20 20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 21 21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, … … 42 42 { 43 43 try { 44 /** @var int $bytes */ 44 45 $bytes = RandomCompat_intval($bytes); 45 46 } catch (TypeError $ex) { … … 55 56 } 56 57 58 /** @var string $buf */ 57 59 $buf = ''; 58 60 if (!class_exists('COM')) { … … 61 63 ); 62 64 } 65 /** @var COM $util */ 63 66 $util = new COM('CAPICOM.Utilities.1'); 64 67 $execCount = 0; … … 69 72 */ 70 73 do { 71 $buf .= base64_decode( $util->GetRandom($bytes, 0));74 $buf .= base64_decode((string) $util->GetRandom($bytes, 0)); 72 75 if (RandomCompat_strlen($buf) >= $bytes) { 73 76 /** 74 77 * Return our random entropy buffer here: 75 78 */ 76 return RandomCompat_substr($buf, 0, $bytes);79 return (string) RandomCompat_substr($buf, 0, $bytes); 77 80 } 78 81 ++$execCount; -
trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php
r46586 r52742 1 1 <?php 2 2 /** 3 * Random_* Compatibility Library 3 * Random_* Compatibility Library 4 4 * for using the new PHP 7 random_* API in PHP 5 projects 5 * 5 * 6 6 * The MIT License (MIT) 7 7 * 8 * Copyright (c) 2015 - 201 7Paragon Initiative Enterprises9 * 8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises 9 * 10 10 * Permission is hereby granted, free of charge, to any person obtaining a copy 11 11 * of this software and associated documentation files (the "Software"), to deal … … 14 14 * copies of the Software, and to permit persons to whom the Software is 15 15 * furnished to do so, subject to the following conditions: 16 * 16 * 17 17 * The above copyright notice and this permission notice shall be included in 18 18 * all copies or substantial portions of the Software. 19 * 19 * 20 20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 21 21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, … … 37 37 * 38 38 * Why we use /dev/urandom and not /dev/random 39 * @ref https://www.2uo.de/myths-about-urandom 39 40 * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers 40 41 * … … 47 48 function random_bytes($bytes) 48 49 { 50 /** @var resource $fp */ 49 51 static $fp = null; 52 50 53 /** 51 54 * This block should only be run once … … 53 56 if (empty($fp)) { 54 57 /** 55 * We use /dev/urandom if it is a char device. 56 * We never fall back to /dev/random 58 * We don't want to ever read C:\dev\random, only /dev/urandom on 59 * Unix-like operating systems. While we guard against this 60 * condition in random.php, it doesn't hurt to be defensive in depth 61 * here. 62 * 63 * To that end, we only try to open /dev/urandom if we're on a Unix- 64 * like operating system (which means the directory separator is set 65 * to "/" not "\". 
57 66 */ 58 $fp = fopen('/dev/urandom', 'rb'); 59 if (!empty($fp)) { 60 $st = fstat($fp); 61 if (($st['mode'] & 0170000) !== 020000) { 62 fclose($fp); 63 $fp = false; 67 if (DIRECTORY_SEPARATOR === '/') { 68 if (!is_readable('/dev/urandom')) { 69 throw new Exception( 70 'Environment misconfiguration: ' . 71 '/dev/urandom cannot be read.' 72 ); 73 } 74 /** 75 * We use /dev/urandom if it is a char device. 76 * We never fall back to /dev/random 77 */ 78 /** @var resource|bool $fp */ 79 $fp = fopen('/dev/urandom', 'rb'); 80 if (is_resource($fp)) { 81 /** @var array<string, int> $st */ 82 $st = fstat($fp); 83 if (($st['mode'] & 0170000) !== 020000) { 84 fclose($fp); 85 $fp = false; 86 } 64 87 } 65 88 } 66 89 67 if ( !empty($fp)) {90 if (is_resource($fp)) { 68 91 /** 69 92 * stream_set_read_buffer() does not exist in HHVM … … 84 107 85 108 try { 109 /** @var int $bytes */ 86 110 $bytes = RandomCompat_intval($bytes); 87 111 } catch (TypeError $ex) { … … 104 128 * page load. 105 129 */ 106 if ( !empty($fp)) {130 if (is_resource($fp)) { 107 131 /** 108 132 * @var int … … 124 148 $read = fread($fp, $remaining); 125 149 if (!is_string($read)) { 126 if ($read === false) { 127 /** 128 * We cannot safely read from the file. Exit the 129 * do-while loop and trigger the exception condition 130 * 131 * @var string|bool 132 */ 133 $buf = false; 134 break; 135 } 150 /** 151 * We cannot safely read from the file. Exit the 152 * do-while loop and trigger the exception condition 153 * 154 * @var string|bool 155 */ 156 $buf = false; 157 break; 136 158 } 137 159 /** … … 140 162 $remaining -= RandomCompat_strlen($read); 141 163 /** 142 * @var string |bool164 * @var string $buf 143 165 */ 144 $buf = $buf .$read;166 $buf .= $read; 145 167 } while ($remaining > 0); 146 168 147 169 /** 148 170 * Is our result valid? 171 * @var string|bool $buf 149 172 */ 150 173 if (is_string($buf)) { -
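Review bot: The read loop at new lines 148-167 treats only a non-string `fread()` result as a failure, so a zero-length string would leave `$remaining` unchanged and `do … while ($remaining > 0)` would never finish. A character device that passed the `fstat` mode check should not return an empty read, but this is the one path where the polyfill trusts the descriptor completely. Widening the guard to `if (!is_string($read) || $read === '') {` sends that case to the existing `$buf = false; break;` and the exception condition after the loop. Part of the loop body is elided on this page, so confirm nothing there already handles it.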
trunk/src/wp-includes/random_compat/random_bytes_libsodium.php
r46586 r52742 1 1 <?php 2 2 /** 3 * Random_* Compatibility Library 3 * Random_* Compatibility Library 4 4 * for using the new PHP 7 random_* API in PHP 5 projects 5 * 5 * 6 6 * The MIT License (MIT) 7 7 * 8 * Copyright (c) 2015 - 201 7Paragon Initiative Enterprises9 * 8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises 9 * 10 10 * Permission is hereby granted, free of charge, to any person obtaining a copy 11 11 * of this software and associated documentation files (the "Software"), to deal … … 14 14 * copies of the Software, and to permit persons to whom the Software is 15 15 * furnished to do so, subject to the following conditions: 16 * 16 * 17 17 * The above copyright notice and this permission notice shall be included in 18 18 * all copies or substantial portions of the Software. 19 * 19 * 20 20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 21 21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, … … 44 44 { 45 45 try { 46 /** @var int $bytes */ 46 47 $bytes = RandomCompat_intval($bytes); 47 48 } catch (TypeError $ex) { … … 61 62 * generated in one invocation. 62 63 */ 64 /** @var string|bool $buf */ 63 65 if ($bytes > 2147483647) { 64 66 $buf = ''; … … 70 72 } 71 73 } else { 74 /** @var string|bool $buf */ 72 75 $buf = \Sodium\randombytes_buf($bytes); 73 76 } 74 77 75 if ( $buf !== false) {78 if (is_string($buf)) { 76 79 if (RandomCompat_strlen($buf) === $bytes) { 77 80 return $buf; -
trunk/src/wp-includes/random_compat/random_bytes_libsodium_legacy.php
r46586 r52742 1 1 <?php 2 2 /** 3 * Random_* Compatibility Library 3 * Random_* Compatibility Library 4 4 * for using the new PHP 7 random_* API in PHP 5 projects 5 * 5 * 6 6 * The MIT License (MIT) 7 7 * 8 * Copyright (c) 2015 - 201 7Paragon Initiative Enterprises9 * 8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises 9 * 10 10 * Permission is hereby granted, free of charge, to any person obtaining a copy 11 11 * of this software and associated documentation files (the "Software"), to deal … … 14 14 * copies of the Software, and to permit persons to whom the Software is 15 15 * furnished to do so, subject to the following conditions: 16 * 16 * 17 17 * The above copyright notice and this permission notice shall be included in 18 18 * all copies or substantial portions of the Software. 19 * 19 * 20 20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 21 21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, … … 44 44 { 45 45 try { 46 /** @var int $bytes */ 46 47 $bytes = RandomCompat_intval($bytes); 47 48 } catch (TypeError $ex) { -
trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php
r46586 r52742 1 1 <?php 2 2 /** 3 * Random_* Compatibility Library 3 * Random_* Compatibility Library 4 4 * for using the new PHP 7 random_* API in PHP 5 projects 5 * 5 * 6 6 * The MIT License (MIT) 7 7 * 8 * Copyright (c) 2015 - 201 7Paragon Initiative Enterprises9 * 8 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises 9 * 10 10 * Permission is hereby granted, free of charge, to any person obtaining a copy 11 11 * of this software and associated documentation files (the "Software"), to deal … … 14 14 * copies of the Software, and to permit persons to whom the Software is 15 15 * furnished to do so, subject to the following conditions: 16 * 16 * 17 17 * The above copyright notice and this permission notice shall be included in 18 18 * all copies or substantial portions of the Software. 19 * 19 * 20 20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 21 21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, … … 43 43 { 44 44 try { 45 /** @var int $bytes */ 45 46 $bytes = RandomCompat_intval($bytes); 46 47 } catch (TypeError $ex) { … … 56 57 } 57 58 58 $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM); 59 /** @var string|bool $buf */ 60 $buf = @mcrypt_create_iv((int) $bytes, (int) MCRYPT_DEV_URANDOM); 59 61 if ( 60 $buf !== false61 &&62 is_string($buf) 63 && 62 64 RandomCompat_strlen($buf) === $bytes 63 65 ) { -
trunk/src/wp-includes/random_compat/random_int.php
r46586 r52742 8 8 * The MIT License (MIT) 9 9 * 10 * Copyright (c) 2015 - 201 7Paragon Initiative Enterprises10 * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises 11 11 * 12 12 * Permission is hereby granted, free of charge, to any person obtaining a copy … … 52 52 53 53 try { 54 /** @var int $min */ 54 55 $min = RandomCompat_intval($min); 55 56 } catch (TypeError $ex) { … … 60 61 61 62 try { 63 /** @var int $max */ 62 64 $max = RandomCompat_intval($max); 63 65 } catch (TypeError $ex) { … … 91 93 */ 92 94 $attempts = $bits = $bytes = $mask = $valueShift = 0; 95 /** @var int $attempts */ 96 /** @var int $bits */ 97 /** @var int $bytes */ 98 /** @var int $mask */ 99 /** @var int $valueShift */ 93 100 94 101 /** … … 96 103 * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to 97 104 * a float and we will lose some precision. 105 * 106 * @var int|float $range 98 107 */ 99 108 $range = $max - $min; … … 116 125 */ 117 126 $bytes = PHP_INT_SIZE; 127 /** @var int $mask */ 118 128 $mask = ~0; 119 129 … … 130 140 ++$bits; 131 141 $range >>= 1; 142 /** @var int $mask */ 132 143 $mask = $mask << 1 | 1; 133 144 } … … 135 146 } 136 147 148 /** @var int $val */ 137 149 $val = 0; 138 150 /** … … 140 152 * random integers until one falls between $min and $max 141 153 */ 154 /** @psalm-suppress RedundantCondition */ 142 155 do { 143 156 /** … … 170 183 $val |= ord($randomByteString[$i]) << ($i * 8); 171 184 } 185 /** @var int $val */ 172 186 173 187 /**