General: Increase the minimum supported version of PHP to 7.0.0.
This also removes the random compat library which is no longer necessary, and adjusts unit tests and CI workflows that no longer need to take PHP 5.6 into account. Thank you for your service, PHP 5. Onwards! Props SergeyBiryukov, mukesh27, dingo_d, audrasjb, jrf, costdev, azaozz, JavierCasares, hellofromTonya, samiamnot, spacedmonkey, masteradhoc, knutsp, garyjones, chanthaboune Fixes #57345 Built from https://develop.svn.wordpress.org/trunk@56141 git-svn-id: http://core.svn.wordpress.org/trunk@55653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
fec46200bb
commit
0c324b983f
|
@ -51,7 +51,7 @@
|
||||||
|
|
||||||
<h2>System Requirements</h2>
|
<h2>System Requirements</h2>
|
||||||
<ul>
|
<ul>
|
||||||
<li><a href="https://secure.php.net/">PHP</a> version <strong>5.6.20</strong> or greater.</li>
|
<li><a href="https://secure.php.net/">PHP</a> version <strong>7.0</strong> or greater.</li>
|
||||||
<li><a href="https://www.mysql.com/">MySQL</a> version <strong>5.0</strong> or greater.</li>
|
<li><a href="https://www.mysql.com/">MySQL</a> version <strong>5.0</strong> or greater.</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
|
|
|
@ -333,10 +333,6 @@ if ( ! function_exists( 'hash_equals' ) ) :
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
// random_int() was introduced in PHP 7.0.
|
|
||||||
if ( ! function_exists( 'random_int' ) ) {
|
|
||||||
require ABSPATH . WPINC . '/random_compat/random.php';
|
|
||||||
}
|
|
||||||
// sodium_crypto_box() was introduced in PHP 7.2.
|
// sodium_crypto_box() was introduced in PHP 7.2.
|
||||||
if ( ! function_exists( 'sodium_crypto_box' ) ) {
|
if ( ! function_exists( 'sodium_crypto_box' ) ) {
|
||||||
require ABSPATH . WPINC . '/sodium_compat/autoload.php';
|
require ABSPATH . WPINC . '/sodium_compat/autoload.php';
|
||||||
|
|
|
@ -1,195 +0,0 @@
|
||||||
<?php
|
|
||||||
/**
|
|
||||||
* Random_* Compatibility Library
|
|
||||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
|
||||||
*
|
|
||||||
* The MIT License (MIT)
|
|
||||||
*
|
|
||||||
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
|
|
||||||
*
|
|
||||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
* of this software and associated documentation files (the "Software"), to deal
|
|
||||||
* in the Software without restriction, including without limitation the rights
|
|
||||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
* copies of the Software, and to permit persons to whom the Software is
|
|
||||||
* furnished to do so, subject to the following conditions:
|
|
||||||
*
|
|
||||||
* The above copyright notice and this permission notice shall be included in
|
|
||||||
* all copies or substantial portions of the Software.
|
|
||||||
*
|
|
||||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
* SOFTWARE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (!is_callable('RandomCompat_strlen')) {
|
|
||||||
if (
|
|
||||||
defined('MB_OVERLOAD_STRING')
|
|
||||||
&&
|
|
||||||
((int) ini_get('mbstring.func_overload')) & MB_OVERLOAD_STRING
|
|
||||||
) {
|
|
||||||
/**
|
|
||||||
* strlen() implementation that isn't brittle to mbstring.func_overload
|
|
||||||
*
|
|
||||||
* This version uses mb_strlen() in '8bit' mode to treat strings as raw
|
|
||||||
* binary rather than UTF-8, ISO-8859-1, etc
|
|
||||||
*
|
|
||||||
* @param string $binary_string
|
|
||||||
*
|
|
||||||
* @throws TypeError
|
|
||||||
*
|
|
||||||
* @return int
|
|
||||||
*/
|
|
||||||
function RandomCompat_strlen($binary_string)
|
|
||||||
{
|
|
||||||
if (!is_string($binary_string)) {
|
|
||||||
throw new TypeError(
|
|
||||||
'RandomCompat_strlen() expects a string'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
return (int) mb_strlen($binary_string, '8bit');
|
|
||||||
}
|
|
||||||
|
|
||||||
} else {
|
|
||||||
/**
|
|
||||||
* strlen() implementation that isn't brittle to mbstring.func_overload
|
|
||||||
*
|
|
||||||
* This version just used the default strlen()
|
|
||||||
*
|
|
||||||
* @param string $binary_string
|
|
||||||
*
|
|
||||||
* @throws TypeError
|
|
||||||
*
|
|
||||||
* @return int
|
|
||||||
*/
|
|
||||||
function RandomCompat_strlen($binary_string)
|
|
||||||
{
|
|
||||||
if (!is_string($binary_string)) {
|
|
||||||
throw new TypeError(
|
|
||||||
'RandomCompat_strlen() expects a string'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
return (int) strlen($binary_string);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!is_callable('RandomCompat_substr')) {
|
|
||||||
|
|
||||||
if (
|
|
||||||
defined('MB_OVERLOAD_STRING')
|
|
||||||
&&
|
|
||||||
((int) ini_get('mbstring.func_overload')) & MB_OVERLOAD_STRING
|
|
||||||
) {
|
|
||||||
/**
|
|
||||||
* substr() implementation that isn't brittle to mbstring.func_overload
|
|
||||||
*
|
|
||||||
* This version uses mb_substr() in '8bit' mode to treat strings as raw
|
|
||||||
* binary rather than UTF-8, ISO-8859-1, etc
|
|
||||||
*
|
|
||||||
* @param string $binary_string
|
|
||||||
* @param int $start
|
|
||||||
* @param int|null $length (optional)
|
|
||||||
*
|
|
||||||
* @throws TypeError
|
|
||||||
*
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
function RandomCompat_substr($binary_string, $start, $length = null)
|
|
||||||
{
|
|
||||||
if (!is_string($binary_string)) {
|
|
||||||
throw new TypeError(
|
|
||||||
'RandomCompat_substr(): First argument should be a string'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!is_int($start)) {
|
|
||||||
throw new TypeError(
|
|
||||||
'RandomCompat_substr(): Second argument should be an integer'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($length === null) {
|
|
||||||
/**
|
|
||||||
* mb_substr($str, 0, NULL, '8bit') returns an empty string on
|
|
||||||
* PHP 5.3, so we have to find the length ourselves.
|
|
||||||
*/
|
|
||||||
/** @var int $length */
|
|
||||||
$length = RandomCompat_strlen($binary_string) - $start;
|
|
||||||
} elseif (!is_int($length)) {
|
|
||||||
throw new TypeError(
|
|
||||||
'RandomCompat_substr(): Third argument should be an integer, or omitted'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Consistency with PHP's behavior
|
|
||||||
if ($start === RandomCompat_strlen($binary_string) && $length === 0) {
|
|
||||||
return '';
|
|
||||||
}
|
|
||||||
if ($start > RandomCompat_strlen($binary_string)) {
|
|
||||||
return '';
|
|
||||||
}
|
|
||||||
|
|
||||||
return (string) mb_substr(
|
|
||||||
(string) $binary_string,
|
|
||||||
(int) $start,
|
|
||||||
(int) $length,
|
|
||||||
'8bit'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
} else {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* substr() implementation that isn't brittle to mbstring.func_overload
|
|
||||||
*
|
|
||||||
* This version just uses the default substr()
|
|
||||||
*
|
|
||||||
* @param string $binary_string
|
|
||||||
* @param int $start
|
|
||||||
* @param int|null $length (optional)
|
|
||||||
*
|
|
||||||
* @throws TypeError
|
|
||||||
*
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
function RandomCompat_substr($binary_string, $start, $length = null)
|
|
||||||
{
|
|
||||||
if (!is_string($binary_string)) {
|
|
||||||
throw new TypeError(
|
|
||||||
'RandomCompat_substr(): First argument should be a string'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!is_int($start)) {
|
|
||||||
throw new TypeError(
|
|
||||||
'RandomCompat_substr(): Second argument should be an integer'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($length !== null) {
|
|
||||||
if (!is_int($length)) {
|
|
||||||
throw new TypeError(
|
|
||||||
'RandomCompat_substr(): Third argument should be an integer, or omitted'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
return (string) substr(
|
|
||||||
(string )$binary_string,
|
|
||||||
(int) $start,
|
|
||||||
(int) $length
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
return (string) substr(
|
|
||||||
(string) $binary_string,
|
|
||||||
(int) $start
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,77 +0,0 @@
|
||||||
<?php
|
|
||||||
/**
|
|
||||||
* Random_* Compatibility Library
|
|
||||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
|
||||||
*
|
|
||||||
* The MIT License (MIT)
|
|
||||||
*
|
|
||||||
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
|
|
||||||
*
|
|
||||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
* of this software and associated documentation files (the "Software"), to deal
|
|
||||||
* in the Software without restriction, including without limitation the rights
|
|
||||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
* copies of the Software, and to permit persons to whom the Software is
|
|
||||||
* furnished to do so, subject to the following conditions:
|
|
||||||
*
|
|
||||||
* The above copyright notice and this permission notice shall be included in
|
|
||||||
* all copies or substantial portions of the Software.
|
|
||||||
*
|
|
||||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
* SOFTWARE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (!is_callable('RandomCompat_intval')) {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Cast to an integer if we can, safely.
|
|
||||||
*
|
|
||||||
* If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
|
|
||||||
* (non-inclusive), it will sanely cast it to an int. If you it's equal to
|
|
||||||
* ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
|
|
||||||
* lose precision, so the <= and => operators might accidentally let a float
|
|
||||||
* through.
|
|
||||||
*
|
|
||||||
* @param int|float $number The number we want to convert to an int
|
|
||||||
* @param bool $fail_open Set to true to not throw an exception
|
|
||||||
*
|
|
||||||
* @return float|int
|
|
||||||
* @psalm-suppress InvalidReturnType
|
|
||||||
*
|
|
||||||
* @throws TypeError
|
|
||||||
*/
|
|
||||||
function RandomCompat_intval($number, $fail_open = false)
|
|
||||||
{
|
|
||||||
if (is_int($number) || is_float($number)) {
|
|
||||||
$number += 0;
|
|
||||||
} elseif (is_numeric($number)) {
|
|
||||||
/** @psalm-suppress InvalidOperand */
|
|
||||||
$number += 0;
|
|
||||||
}
|
|
||||||
/** @var int|float $number */
|
|
||||||
|
|
||||||
if (
|
|
||||||
is_float($number)
|
|
||||||
&&
|
|
||||||
$number > ~PHP_INT_MAX
|
|
||||||
&&
|
|
||||||
$number < PHP_INT_MAX
|
|
||||||
) {
|
|
||||||
$number = (int) $number;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (is_int($number)) {
|
|
||||||
return (int) $number;
|
|
||||||
} elseif (!$fail_open) {
|
|
||||||
throw new TypeError(
|
|
||||||
'Expected an integer.'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
return $number;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,49 +0,0 @@
|
||||||
<?php
|
|
||||||
/**
|
|
||||||
* Random_* Compatibility Library
|
|
||||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
|
||||||
*
|
|
||||||
* The MIT License (MIT)
|
|
||||||
*
|
|
||||||
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
|
|
||||||
*
|
|
||||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
* of this software and associated documentation files (the "Software"), to deal
|
|
||||||
* in the Software without restriction, including without limitation the rights
|
|
||||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
* copies of the Software, and to permit persons to whom the Software is
|
|
||||||
* furnished to do so, subject to the following conditions:
|
|
||||||
*
|
|
||||||
* The above copyright notice and this permission notice shall be included in
|
|
||||||
* all copies or substantial portions of the Software.
|
|
||||||
*
|
|
||||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
* SOFTWARE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (!class_exists('Error', false)) {
|
|
||||||
// We can't really avoid making this extend Exception in PHP 5.
|
|
||||||
class Error extends Exception
|
|
||||||
{
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!class_exists('TypeError', false)) {
|
|
||||||
if (is_subclass_of('Error', 'Exception')) {
|
|
||||||
class TypeError extends Error
|
|
||||||
{
|
|
||||||
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
class TypeError extends Exception
|
|
||||||
{
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,226 +0,0 @@
|
||||||
<?php
|
|
||||||
/**
|
|
||||||
* Random_* Compatibility Library
|
|
||||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
|
||||||
*
|
|
||||||
* @version 2.0.17
|
|
||||||
* @released 2018-07-04
|
|
||||||
*
|
|
||||||
* The MIT License (MIT)
|
|
||||||
*
|
|
||||||
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
|
|
||||||
*
|
|
||||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
* of this software and associated documentation files (the "Software"), to deal
|
|
||||||
* in the Software without restriction, including without limitation the rights
|
|
||||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
* copies of the Software, and to permit persons to whom the Software is
|
|
||||||
* furnished to do so, subject to the following conditions:
|
|
||||||
*
|
|
||||||
* The above copyright notice and this permission notice shall be included in
|
|
||||||
* all copies or substantial portions of the Software.
|
|
||||||
*
|
|
||||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
* SOFTWARE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (!defined('PHP_VERSION_ID')) {
|
|
||||||
// This constant was introduced in PHP 5.2.7
|
|
||||||
$RandomCompatversion = array_map('intval', explode('.', PHP_VERSION));
|
|
||||||
define(
|
|
||||||
'PHP_VERSION_ID',
|
|
||||||
$RandomCompatversion[0] * 10000
|
|
||||||
+ $RandomCompatversion[1] * 100
|
|
||||||
+ $RandomCompatversion[2]
|
|
||||||
);
|
|
||||||
$RandomCompatversion = null;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* PHP 7.0.0 and newer have these functions natively.
|
|
||||||
*/
|
|
||||||
if (PHP_VERSION_ID >= 70000) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
|
|
||||||
define('RANDOM_COMPAT_READ_BUFFER', 8);
|
|
||||||
}
|
|
||||||
|
|
||||||
$RandomCompatDIR = dirname(__FILE__);
|
|
||||||
|
|
||||||
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'byte_safe_strings.php';
|
|
||||||
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'cast_to_int.php';
|
|
||||||
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'error_polyfill.php';
|
|
||||||
|
|
||||||
if (!is_callable('random_bytes')) {
|
|
||||||
/**
|
|
||||||
* PHP 5.2.0 - 5.6.x way to implement random_bytes()
|
|
||||||
*
|
|
||||||
* We use conditional statements here to define the function in accordance
|
|
||||||
* to the operating environment. It's a micro-optimization.
|
|
||||||
*
|
|
||||||
* In order of preference:
|
|
||||||
* 1. Use libsodium if available.
|
|
||||||
* 2. fread() /dev/urandom if available (never on Windows)
|
|
||||||
* 3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
|
|
||||||
* 4. COM('CAPICOM.Utilities.1')->GetRandom()
|
|
||||||
*
|
|
||||||
* See RATIONALE.md for our reasoning behind this particular order
|
|
||||||
*/
|
|
||||||
if (extension_loaded('libsodium')) {
|
|
||||||
// See random_bytes_libsodium.php
|
|
||||||
if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) {
|
|
||||||
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_libsodium.php';
|
|
||||||
} elseif (method_exists('Sodium', 'randombytes_buf')) {
|
|
||||||
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_libsodium_legacy.php';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Reading directly from /dev/urandom:
|
|
||||||
*/
|
|
||||||
if (DIRECTORY_SEPARATOR === '/') {
|
|
||||||
// DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
|
|
||||||
// way to exclude Windows.
|
|
||||||
$RandomCompatUrandom = true;
|
|
||||||
$RandomCompat_basedir = ini_get('open_basedir');
|
|
||||||
|
|
||||||
if (!empty($RandomCompat_basedir)) {
|
|
||||||
$RandomCompat_open_basedir = explode(
|
|
||||||
PATH_SEPARATOR,
|
|
||||||
strtolower($RandomCompat_basedir)
|
|
||||||
);
|
|
||||||
$RandomCompatUrandom = (array() !== array_intersect(
|
|
||||||
array('/dev', '/dev/', '/dev/urandom'),
|
|
||||||
$RandomCompat_open_basedir
|
|
||||||
));
|
|
||||||
$RandomCompat_open_basedir = null;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (
|
|
||||||
!is_callable('random_bytes')
|
|
||||||
&&
|
|
||||||
$RandomCompatUrandom
|
|
||||||
&&
|
|
||||||
@is_readable('/dev/urandom')
|
|
||||||
) {
|
|
||||||
// Error suppression on is_readable() in case of an open_basedir
|
|
||||||
// or safe_mode failure. All we care about is whether or not we
|
|
||||||
// can read it at this point. If the PHP environment is going to
|
|
||||||
// panic over trying to see if the file can be read in the first
|
|
||||||
// place, that is not helpful to us here.
|
|
||||||
|
|
||||||
// See random_bytes_dev_urandom.php
|
|
||||||
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_dev_urandom.php';
|
|
||||||
}
|
|
||||||
// Unset variables after use
|
|
||||||
$RandomCompat_basedir = null;
|
|
||||||
} else {
|
|
||||||
$RandomCompatUrandom = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* mcrypt_create_iv()
|
|
||||||
*
|
|
||||||
* We only want to use mcypt_create_iv() if:
|
|
||||||
*
|
|
||||||
* - random_bytes() hasn't already been defined
|
|
||||||
* - the mcrypt extensions is loaded
|
|
||||||
* - One of these two conditions is true:
|
|
||||||
* - We're on Windows (DIRECTORY_SEPARATOR !== '/')
|
|
||||||
* - We're not on Windows and /dev/urandom is readabale
|
|
||||||
* (i.e. we're not in a chroot jail)
|
|
||||||
* - Special case:
|
|
||||||
* - If we're not on Windows, but the PHP version is between
|
|
||||||
* 5.6.10 and 5.6.12, we don't want to use mcrypt. It will
|
|
||||||
* hang indefinitely. This is bad.
|
|
||||||
* - If we're on Windows, we want to use PHP >= 5.3.7 or else
|
|
||||||
* we get insufficient entropy errors.
|
|
||||||
*/
|
|
||||||
if (
|
|
||||||
!is_callable('random_bytes')
|
|
||||||
&&
|
|
||||||
// Windows on PHP < 5.3.7 is broken, but non-Windows is not known to be.
|
|
||||||
(DIRECTORY_SEPARATOR === '/' || PHP_VERSION_ID >= 50307)
|
|
||||||
&&
|
|
||||||
// Prevent this code from hanging indefinitely on non-Windows;
|
|
||||||
// see https://bugs.php.net/bug.php?id=69833
|
|
||||||
(
|
|
||||||
DIRECTORY_SEPARATOR !== '/' ||
|
|
||||||
(PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613)
|
|
||||||
)
|
|
||||||
&&
|
|
||||||
extension_loaded('mcrypt')
|
|
||||||
) {
|
|
||||||
// See random_bytes_mcrypt.php
|
|
||||||
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_mcrypt.php';
|
|
||||||
}
|
|
||||||
$RandomCompatUrandom = null;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This is a Windows-specific fallback, for when the mcrypt extension
|
|
||||||
* isn't loaded.
|
|
||||||
*/
|
|
||||||
if (
|
|
||||||
!is_callable('random_bytes')
|
|
||||||
&&
|
|
||||||
extension_loaded('com_dotnet')
|
|
||||||
&&
|
|
||||||
class_exists('COM')
|
|
||||||
) {
|
|
||||||
$RandomCompat_disabled_classes = preg_split(
|
|
||||||
'#\s*,\s*#',
|
|
||||||
strtolower(ini_get('disable_classes'))
|
|
||||||
);
|
|
||||||
|
|
||||||
if (!in_array('com', $RandomCompat_disabled_classes)) {
|
|
||||||
try {
|
|
||||||
$RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
|
|
||||||
/** @psalm-suppress TypeDoesNotContainType */
|
|
||||||
if (is_callable(array($RandomCompatCOMtest, 'GetRandom'))) {
|
|
||||||
// See random_bytes_com_dotnet.php
|
|
||||||
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_com_dotnet.php';
|
|
||||||
}
|
|
||||||
} catch (com_exception $e) {
|
|
||||||
// Don't try to use it.
|
|
||||||
}
|
|
||||||
}
|
|
||||||
$RandomCompat_disabled_classes = null;
|
|
||||||
$RandomCompatCOMtest = null;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* throw new Exception
|
|
||||||
*/
|
|
||||||
if (!is_callable('random_bytes')) {
|
|
||||||
/**
|
|
||||||
* We don't have any more options, so let's throw an exception right now
|
|
||||||
* and hope the developer won't let it fail silently.
|
|
||||||
*
|
|
||||||
* @param mixed $length
|
|
||||||
* @psalm-suppress InvalidReturnType
|
|
||||||
* @throws Exception
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
function random_bytes($length)
|
|
||||||
{
|
|
||||||
unset($length); // Suppress "variable not used" warnings.
|
|
||||||
throw new Exception(
|
|
||||||
'There is no suitable CSPRNG installed on your system'
|
|
||||||
);
|
|
||||||
return '';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!is_callable('random_int')) {
|
|
||||||
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_int.php';
|
|
||||||
}
|
|
||||||
|
|
||||||
$RandomCompatDIR = null;
|
|
|
@ -1,91 +0,0 @@
|
||||||
<?php
|
|
||||||
/**
|
|
||||||
* Random_* Compatibility Library
|
|
||||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
|
||||||
*
|
|
||||||
* The MIT License (MIT)
|
|
||||||
*
|
|
||||||
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
|
|
||||||
*
|
|
||||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
* of this software and associated documentation files (the "Software"), to deal
|
|
||||||
* in the Software without restriction, including without limitation the rights
|
|
||||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
* copies of the Software, and to permit persons to whom the Software is
|
|
||||||
* furnished to do so, subject to the following conditions:
|
|
||||||
*
|
|
||||||
* The above copyright notice and this permission notice shall be included in
|
|
||||||
* all copies or substantial portions of the Software.
|
|
||||||
*
|
|
||||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
* SOFTWARE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (!is_callable('random_bytes')) {
|
|
||||||
/**
|
|
||||||
* Windows with PHP < 5.3.0 will not have the function
|
|
||||||
* openssl_random_pseudo_bytes() available, so let's use
|
|
||||||
* CAPICOM to work around this deficiency.
|
|
||||||
*
|
|
||||||
* @param int $bytes
|
|
||||||
*
|
|
||||||
* @throws Exception
|
|
||||||
*
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
function random_bytes($bytes)
|
|
||||||
{
|
|
||||||
try {
|
|
||||||
/** @var int $bytes */
|
|
||||||
$bytes = RandomCompat_intval($bytes);
|
|
||||||
} catch (TypeError $ex) {
|
|
||||||
throw new TypeError(
|
|
||||||
'random_bytes(): $bytes must be an integer'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($bytes < 1) {
|
|
||||||
throw new Error(
|
|
||||||
'Length must be greater than 0'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/** @var string $buf */
|
|
||||||
$buf = '';
|
|
||||||
if (!class_exists('COM')) {
|
|
||||||
throw new Error(
|
|
||||||
'COM does not exist'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
/** @var COM $util */
|
|
||||||
$util = new COM('CAPICOM.Utilities.1');
|
|
||||||
$execCount = 0;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Let's not let it loop forever. If we run N times and fail to
|
|
||||||
* get N bytes of random data, then CAPICOM has failed us.
|
|
||||||
*/
|
|
||||||
do {
|
|
||||||
$buf .= base64_decode((string) $util->GetRandom($bytes, 0));
|
|
||||||
if (RandomCompat_strlen($buf) >= $bytes) {
|
|
||||||
/**
|
|
||||||
* Return our random entropy buffer here:
|
|
||||||
*/
|
|
||||||
return (string) RandomCompat_substr($buf, 0, $bytes);
|
|
||||||
}
|
|
||||||
++$execCount;
|
|
||||||
} while ($execCount < $bytes);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If we reach here, PHP has failed us.
|
|
||||||
*/
|
|
||||||
throw new Exception(
|
|
||||||
'Could not gather sufficient random data'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,190 +0,0 @@
|
||||||
<?php
|
|
||||||
/**
|
|
||||||
* Random_* Compatibility Library
|
|
||||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
|
||||||
*
|
|
||||||
* The MIT License (MIT)
|
|
||||||
*
|
|
||||||
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
|
|
||||||
*
|
|
||||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
* of this software and associated documentation files (the "Software"), to deal
|
|
||||||
* in the Software without restriction, including without limitation the rights
|
|
||||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
* copies of the Software, and to permit persons to whom the Software is
|
|
||||||
* furnished to do so, subject to the following conditions:
|
|
||||||
*
|
|
||||||
* The above copyright notice and this permission notice shall be included in
|
|
||||||
* all copies or substantial portions of the Software.
|
|
||||||
*
|
|
||||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
* SOFTWARE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
|
|
||||||
define('RANDOM_COMPAT_READ_BUFFER', 8);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!is_callable('random_bytes')) {
|
|
||||||
/**
|
|
||||||
* Unless open_basedir is enabled, use /dev/urandom for
|
|
||||||
* random numbers in accordance with best practices
|
|
||||||
*
|
|
||||||
* Why we use /dev/urandom and not /dev/random
|
|
||||||
* @ref https://www.2uo.de/myths-about-urandom
|
|
||||||
* @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
|
|
||||||
*
|
|
||||||
* @param int $bytes
|
|
||||||
*
|
|
||||||
* @throws Exception
|
|
||||||
*
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
function random_bytes($bytes)
|
|
||||||
{
|
|
||||||
/** @var resource $fp */
|
|
||||||
static $fp = null;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This block should only be run once
|
|
||||||
*/
|
|
||||||
if (empty($fp)) {
|
|
||||||
/**
|
|
||||||
* We don't want to ever read C:\dev\random, only /dev/urandom on
|
|
||||||
* Unix-like operating systems. While we guard against this
|
|
||||||
* condition in random.php, it doesn't hurt to be defensive in depth
|
|
||||||
* here.
|
|
||||||
*
|
|
||||||
* To that end, we only try to open /dev/urandom if we're on a Unix-
|
|
||||||
* like operating system (which means the directory separator is set
|
|
||||||
* to "/" not "\".
|
|
||||||
*/
|
|
||||||
if (DIRECTORY_SEPARATOR === '/') {
|
|
||||||
if (!is_readable('/dev/urandom')) {
|
|
||||||
throw new Exception(
|
|
||||||
'Environment misconfiguration: ' .
|
|
||||||
'/dev/urandom cannot be read.'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* We use /dev/urandom if it is a char device.
|
|
||||||
* We never fall back to /dev/random
|
|
||||||
*/
|
|
||||||
/** @var resource|bool $fp */
|
|
||||||
$fp = fopen('/dev/urandom', 'rb');
|
|
||||||
if (is_resource($fp)) {
|
|
||||||
/** @var array<string, int> $st */
|
|
||||||
$st = fstat($fp);
|
|
||||||
if (($st['mode'] & 0170000) !== 020000) {
|
|
||||||
fclose($fp);
|
|
||||||
$fp = false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (is_resource($fp)) {
|
|
||||||
/**
|
|
||||||
* stream_set_read_buffer() does not exist in HHVM
|
|
||||||
*
|
|
||||||
* If we don't set the stream's read buffer to 0, PHP will
|
|
||||||
* internally buffer 8192 bytes, which can waste entropy
|
|
||||||
*
|
|
||||||
* stream_set_read_buffer returns 0 on success
|
|
||||||
*/
|
|
||||||
if (is_callable('stream_set_read_buffer')) {
|
|
||||||
stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
|
|
||||||
}
|
|
||||||
if (is_callable('stream_set_chunk_size')) {
|
|
||||||
stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
/** @var int $bytes */
|
|
||||||
$bytes = RandomCompat_intval($bytes);
|
|
||||||
} catch (TypeError $ex) {
|
|
||||||
throw new TypeError(
|
|
||||||
'random_bytes(): $bytes must be an integer'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($bytes < 1) {
|
|
||||||
throw new Error(
|
|
||||||
'Length must be greater than 0'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This if() block only runs if we managed to open a file handle
|
|
||||||
*
|
|
||||||
* It does not belong in an else {} block, because the above
|
|
||||||
* if (empty($fp)) line is logic that should only be run once per
|
|
||||||
* page load.
|
|
||||||
*/
|
|
||||||
if (is_resource($fp)) {
|
|
||||||
/**
|
|
||||||
* @var int
|
|
||||||
*/
|
|
||||||
$remaining = $bytes;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @var string|bool
|
|
||||||
*/
|
|
||||||
$buf = '';
|
|
||||||
|
|
||||||
/**
|
|
||||||
* We use fread() in a loop to protect against partial reads
|
|
||||||
*/
|
|
||||||
do {
|
|
||||||
/**
|
|
||||||
* @var string|bool
|
|
||||||
*/
|
|
||||||
$read = fread($fp, $remaining);
|
|
||||||
if (!is_string($read)) {
|
|
||||||
/**
|
|
||||||
* We cannot safely read from the file. Exit the
|
|
||||||
* do-while loop and trigger the exception condition
|
|
||||||
*
|
|
||||||
* @var string|bool
|
|
||||||
*/
|
|
||||||
$buf = false;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Decrease the number of bytes returned from remaining
|
|
||||||
*/
|
|
||||||
$remaining -= RandomCompat_strlen($read);
|
|
||||||
/**
|
|
||||||
* @var string $buf
|
|
||||||
*/
|
|
||||||
$buf .= $read;
|
|
||||||
} while ($remaining > 0);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Is our result valid?
|
|
||||||
* @var string|bool $buf
|
|
||||||
*/
|
|
||||||
if (is_string($buf)) {
|
|
||||||
if (RandomCompat_strlen($buf) === $bytes) {
|
|
||||||
/**
|
|
||||||
* Return our random entropy buffer here:
|
|
||||||
*/
|
|
||||||
return $buf;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If we reach here, PHP has failed us.
|
|
||||||
*/
|
|
||||||
throw new Exception(
|
|
||||||
'Error reading from source device'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,91 +0,0 @@
|
||||||
<?php
|
|
||||||
/**
|
|
||||||
* Random_* Compatibility Library
|
|
||||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
|
||||||
*
|
|
||||||
* The MIT License (MIT)
|
|
||||||
*
|
|
||||||
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
|
|
||||||
*
|
|
||||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
* of this software and associated documentation files (the "Software"), to deal
|
|
||||||
* in the Software without restriction, including without limitation the rights
|
|
||||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
* copies of the Software, and to permit persons to whom the Software is
|
|
||||||
* furnished to do so, subject to the following conditions:
|
|
||||||
*
|
|
||||||
* The above copyright notice and this permission notice shall be included in
|
|
||||||
* all copies or substantial portions of the Software.
|
|
||||||
*
|
|
||||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
* SOFTWARE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (!is_callable('random_bytes')) {
|
|
||||||
/**
|
|
||||||
* If the libsodium PHP extension is loaded, we'll use it above any other
|
|
||||||
* solution.
|
|
||||||
*
|
|
||||||
* libsodium-php project:
|
|
||||||
* @ref https://github.com/jedisct1/libsodium-php
|
|
||||||
*
|
|
||||||
* @param int $bytes
|
|
||||||
*
|
|
||||||
* @throws Exception
|
|
||||||
*
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
function random_bytes($bytes)
|
|
||||||
{
|
|
||||||
try {
|
|
||||||
/** @var int $bytes */
|
|
||||||
$bytes = RandomCompat_intval($bytes);
|
|
||||||
} catch (TypeError $ex) {
|
|
||||||
throw new TypeError(
|
|
||||||
'random_bytes(): $bytes must be an integer'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($bytes < 1) {
|
|
||||||
throw new Error(
|
|
||||||
'Length must be greater than 0'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
|
|
||||||
* generated in one invocation.
|
|
||||||
*/
|
|
||||||
/** @var string|bool $buf */
|
|
||||||
if ($bytes > 2147483647) {
|
|
||||||
$buf = '';
|
|
||||||
for ($i = 0; $i < $bytes; $i += 1073741824) {
|
|
||||||
$n = ($bytes - $i) > 1073741824
|
|
||||||
? 1073741824
|
|
||||||
: $bytes - $i;
|
|
||||||
$buf .= \Sodium\randombytes_buf($n);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
/** @var string|bool $buf */
|
|
||||||
$buf = \Sodium\randombytes_buf($bytes);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (is_string($buf)) {
|
|
||||||
if (RandomCompat_strlen($buf) === $bytes) {
|
|
||||||
return $buf;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If we reach here, PHP has failed us.
|
|
||||||
*/
|
|
||||||
throw new Exception(
|
|
||||||
'Could not gather sufficient random data'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,93 +0,0 @@
|
||||||
<?php
|
|
||||||
/**
|
|
||||||
* Random_* Compatibility Library
|
|
||||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
|
||||||
*
|
|
||||||
* The MIT License (MIT)
|
|
||||||
*
|
|
||||||
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
|
|
||||||
*
|
|
||||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
* of this software and associated documentation files (the "Software"), to deal
|
|
||||||
* in the Software without restriction, including without limitation the rights
|
|
||||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
* copies of the Software, and to permit persons to whom the Software is
|
|
||||||
* furnished to do so, subject to the following conditions:
|
|
||||||
*
|
|
||||||
* The above copyright notice and this permission notice shall be included in
|
|
||||||
* all copies or substantial portions of the Software.
|
|
||||||
*
|
|
||||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
* SOFTWARE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (!is_callable('random_bytes')) {
|
|
||||||
/**
|
|
||||||
* If the libsodium PHP extension is loaded, we'll use it above any other
|
|
||||||
* solution.
|
|
||||||
*
|
|
||||||
* libsodium-php project:
|
|
||||||
* @ref https://github.com/jedisct1/libsodium-php
|
|
||||||
*
|
|
||||||
* @param int $bytes
|
|
||||||
*
|
|
||||||
* @throws Exception
|
|
||||||
*
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
function random_bytes($bytes)
|
|
||||||
{
|
|
||||||
try {
|
|
||||||
/** @var int $bytes */
|
|
||||||
$bytes = RandomCompat_intval($bytes);
|
|
||||||
} catch (TypeError $ex) {
|
|
||||||
throw new TypeError(
|
|
||||||
'random_bytes(): $bytes must be an integer'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($bytes < 1) {
|
|
||||||
throw new Error(
|
|
||||||
'Length must be greater than 0'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @var string
|
|
||||||
*/
|
|
||||||
$buf = '';
|
|
||||||
|
|
||||||
/**
|
|
||||||
* \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
|
|
||||||
* generated in one invocation.
|
|
||||||
*/
|
|
||||||
if ($bytes > 2147483647) {
|
|
||||||
for ($i = 0; $i < $bytes; $i += 1073741824) {
|
|
||||||
$n = ($bytes - $i) > 1073741824
|
|
||||||
? 1073741824
|
|
||||||
: $bytes - $i;
|
|
||||||
$buf .= Sodium::randombytes_buf((int) $n);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$buf .= Sodium::randombytes_buf((int) $bytes);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (is_string($buf)) {
|
|
||||||
if (RandomCompat_strlen($buf) === $bytes) {
|
|
||||||
return $buf;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If we reach here, PHP has failed us.
|
|
||||||
*/
|
|
||||||
throw new Exception(
|
|
||||||
'Could not gather sufficient random data'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,79 +0,0 @@
|
||||||
<?php
|
|
||||||
/**
|
|
||||||
* Random_* Compatibility Library
|
|
||||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
|
||||||
*
|
|
||||||
* The MIT License (MIT)
|
|
||||||
*
|
|
||||||
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
|
|
||||||
*
|
|
||||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
* of this software and associated documentation files (the "Software"), to deal
|
|
||||||
* in the Software without restriction, including without limitation the rights
|
|
||||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
* copies of the Software, and to permit persons to whom the Software is
|
|
||||||
* furnished to do so, subject to the following conditions:
|
|
||||||
*
|
|
||||||
* The above copyright notice and this permission notice shall be included in
|
|
||||||
* all copies or substantial portions of the Software.
|
|
||||||
*
|
|
||||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
* SOFTWARE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (!is_callable('random_bytes')) {
|
|
||||||
/**
|
|
||||||
* Powered by ext/mcrypt (and thankfully NOT libmcrypt)
|
|
||||||
*
|
|
||||||
* @ref https://bugs.php.net/bug.php?id=55169
|
|
||||||
* @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386
|
|
||||||
*
|
|
||||||
* @param int $bytes
|
|
||||||
*
|
|
||||||
* @throws Exception
|
|
||||||
*
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
function random_bytes($bytes)
|
|
||||||
{
|
|
||||||
try {
|
|
||||||
/** @var int $bytes */
|
|
||||||
$bytes = RandomCompat_intval($bytes);
|
|
||||||
} catch (TypeError $ex) {
|
|
||||||
throw new TypeError(
|
|
||||||
'random_bytes(): $bytes must be an integer'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($bytes < 1) {
|
|
||||||
throw new Error(
|
|
||||||
'Length must be greater than 0'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/** @var string|bool $buf */
|
|
||||||
$buf = @mcrypt_create_iv((int) $bytes, (int) MCRYPT_DEV_URANDOM);
|
|
||||||
if (
|
|
||||||
is_string($buf)
|
|
||||||
&&
|
|
||||||
RandomCompat_strlen($buf) === $bytes
|
|
||||||
) {
|
|
||||||
/**
|
|
||||||
* Return our random entropy buffer here:
|
|
||||||
*/
|
|
||||||
return $buf;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* If we reach here, PHP has failed us.
|
|
||||||
*/
|
|
||||||
throw new Exception(
|
|
||||||
'Could not gather sufficient random data'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,204 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
if (!is_callable('random_int')) {
|
|
||||||
/**
|
|
||||||
* Random_* Compatibility Library
|
|
||||||
* for using the new PHP 7 random_* API in PHP 5 projects
|
|
||||||
*
|
|
||||||
* The MIT License (MIT)
|
|
||||||
*
|
|
||||||
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
|
|
||||||
*
|
|
||||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
* of this software and associated documentation files (the "Software"), to deal
|
|
||||||
* in the Software without restriction, including without limitation the rights
|
|
||||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
* copies of the Software, and to permit persons to whom the Software is
|
|
||||||
* furnished to do so, subject to the following conditions:
|
|
||||||
*
|
|
||||||
* The above copyright notice and this permission notice shall be included in
|
|
||||||
* all copies or substantial portions of the Software.
|
|
||||||
*
|
|
||||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
* SOFTWARE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Fetch a random integer between $min and $max inclusive
|
|
||||||
*
|
|
||||||
* @param int $min
|
|
||||||
* @param int $max
|
|
||||||
*
|
|
||||||
* @throws Exception
|
|
||||||
*
|
|
||||||
* @return int
|
|
||||||
*/
|
|
||||||
function random_int($min, $max)
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Type and input logic checks
|
|
||||||
*
|
|
||||||
* If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
|
|
||||||
* (non-inclusive), it will sanely cast it to an int. If you it's equal to
|
|
||||||
* ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
|
|
||||||
* lose precision, so the <= and => operators might accidentally let a float
|
|
||||||
* through.
|
|
||||||
*/
|
|
||||||
|
|
||||||
try {
|
|
||||||
/** @var int $min */
|
|
||||||
$min = RandomCompat_intval($min);
|
|
||||||
} catch (TypeError $ex) {
|
|
||||||
throw new TypeError(
|
|
||||||
'random_int(): $min must be an integer'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
/** @var int $max */
|
|
||||||
$max = RandomCompat_intval($max);
|
|
||||||
} catch (TypeError $ex) {
|
|
||||||
throw new TypeError(
|
|
||||||
'random_int(): $max must be an integer'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Now that we've verified our weak typing system has given us an integer,
|
|
||||||
* let's validate the logic then we can move forward with generating random
|
|
||||||
* integers along a given range.
|
|
||||||
*/
|
|
||||||
if ($min > $max) {
|
|
||||||
throw new Error(
|
|
||||||
'Minimum value must be less than or equal to the maximum value'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($max === $min) {
|
|
||||||
return (int) $min;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Initialize variables to 0
|
|
||||||
*
|
|
||||||
* We want to store:
|
|
||||||
* $bytes => the number of random bytes we need
|
|
||||||
* $mask => an integer bitmask (for use with the &) operator
|
|
||||||
* so we can minimize the number of discards
|
|
||||||
*/
|
|
||||||
$attempts = $bits = $bytes = $mask = $valueShift = 0;
|
|
||||||
/** @var int $attempts */
|
|
||||||
/** @var int $bits */
|
|
||||||
/** @var int $bytes */
|
|
||||||
/** @var int $mask */
|
|
||||||
/** @var int $valueShift */
|
|
||||||
|
|
||||||
/**
|
|
||||||
* At this point, $range is a positive number greater than 0. It might
|
|
||||||
* overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
|
|
||||||
* a float and we will lose some precision.
|
|
||||||
*
|
|
||||||
* @var int|float $range
|
|
||||||
*/
|
|
||||||
$range = $max - $min;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Test for integer overflow:
|
|
||||||
*/
|
|
||||||
if (!is_int($range)) {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Still safely calculate wider ranges.
|
|
||||||
* Provided by @CodesInChaos, @oittaa
|
|
||||||
*
|
|
||||||
* @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
|
|
||||||
*
|
|
||||||
* We use ~0 as a mask in this case because it generates all 1s
|
|
||||||
*
|
|
||||||
* @ref https://eval.in/400356 (32-bit)
|
|
||||||
* @ref http://3v4l.org/XX9r5 (64-bit)
|
|
||||||
*/
|
|
||||||
$bytes = PHP_INT_SIZE;
|
|
||||||
/** @var int $mask */
|
|
||||||
$mask = ~0;
|
|
||||||
|
|
||||||
} else {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* $bits is effectively ceil(log($range, 2)) without dealing with
|
|
||||||
* type juggling
|
|
||||||
*/
|
|
||||||
while ($range > 0) {
|
|
||||||
if ($bits % 8 === 0) {
|
|
||||||
++$bytes;
|
|
||||||
}
|
|
||||||
++$bits;
|
|
||||||
$range >>= 1;
|
|
||||||
/** @var int $mask */
|
|
||||||
$mask = $mask << 1 | 1;
|
|
||||||
}
|
|
||||||
$valueShift = $min;
|
|
||||||
}
|
|
||||||
|
|
||||||
/** @var int $val */
|
|
||||||
$val = 0;
|
|
||||||
/**
|
|
||||||
* Now that we have our parameters set up, let's begin generating
|
|
||||||
* random integers until one falls between $min and $max
|
|
||||||
*/
|
|
||||||
/** @psalm-suppress RedundantCondition */
|
|
||||||
do {
|
|
||||||
/**
|
|
||||||
* The rejection probability is at most 0.5, so this corresponds
|
|
||||||
* to a failure probability of 2^-128 for a working RNG
|
|
||||||
*/
|
|
||||||
if ($attempts > 128) {
|
|
||||||
throw new Exception(
|
|
||||||
'random_int: RNG is broken - too many rejections'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Let's grab the necessary number of random bytes
|
|
||||||
*/
|
|
||||||
$randomByteString = random_bytes($bytes);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Let's turn $randomByteString into an integer
|
|
||||||
*
|
|
||||||
* This uses bitwise operators (<< and |) to build an integer
|
|
||||||
* out of the values extracted from ord()
|
|
||||||
*
|
|
||||||
* Example: [9F] | [6D] | [32] | [0C] =>
|
|
||||||
* 159 + 27904 + 3276800 + 201326592 =>
|
|
||||||
* 204631455
|
|
||||||
*/
|
|
||||||
$val &= 0;
|
|
||||||
for ($i = 0; $i < $bytes; ++$i) {
|
|
||||||
$val |= ord($randomByteString[$i]) << ($i * 8);
|
|
||||||
}
|
|
||||||
/** @var int $val */
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Apply mask
|
|
||||||
*/
|
|
||||||
$val &= $mask;
|
|
||||||
$val += $valueShift;
|
|
||||||
|
|
||||||
++$attempts;
|
|
||||||
/**
|
|
||||||
* If $val overflows to a floating point number,
|
|
||||||
* ... or is larger than $max,
|
|
||||||
* ... or smaller than $min,
|
|
||||||
* then try again.
|
|
||||||
*/
|
|
||||||
} while (!is_int($val) || $val > $max || $val < $min);
|
|
||||||
|
|
||||||
return (int) $val;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -16,7 +16,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '6.3-beta3-56140';
|
$wp_version = '6.3-beta3-56141';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
@ -37,7 +37,7 @@ $tinymce_version = '49110-20201110';
|
||||||
*
|
*
|
||||||
* @global string $required_php_version
|
* @global string $required_php_version
|
||||||
*/
|
*/
|
||||||
$required_php_version = '5.6.20';
|
$required_php_version = '7.0.0';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the required MySQL version.
|
* Holds the required MySQL version.
|
||||||
|
|
Loading…
Reference in New Issue