Update to Random_Compat 1.0.9.

This update includes fixes for Windows support & libSodium support, and removes the `Throwable` Polyfill due to PHP7 incompatibilities. 

Fixes #28633

Built from https://develop.svn.wordpress.org/trunk@35365


git-svn-id: http://core.svn.wordpress.org/trunk@35330 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dion Hulse 2015-10-23 04:22:26 +00:00
parent a49062c2db
commit 53afc72ab7
11 changed files with 260 additions and 45 deletions

View File

@ -2188,7 +2188,7 @@ function wp_rand( $min = 0, $max = 0 ) {
} else { } else {
$use_random_int_functionality = false; $use_random_int_functionality = false;
} }
} catch ( Throwable $t ) { } catch ( Error $e ) {
$use_random_int_functionality = false; $use_random_int_functionality = false;
} catch ( Exception $e ) { } catch ( Exception $e ) {
$use_random_int_functionality = false; $use_random_int_functionality = false;

View File

@ -27,7 +27,10 @@
*/ */
if (!function_exists('RandomCompat_strlen')) { if (!function_exists('RandomCompat_strlen')) {
if (defined('MB_OVERLOAD_STRING') && ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING) { if (
defined('MB_OVERLOAD_STRING') &&
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
) {
/** /**
* strlen() implementation that isn't brittle to mbstring.func_overload * strlen() implementation that isn't brittle to mbstring.func_overload
* *
@ -74,7 +77,10 @@ if (!function_exists('RandomCompat_strlen')) {
} }
if (!function_exists('RandomCompat_substr')) { if (!function_exists('RandomCompat_substr')) {
if (defined('MB_OVERLOAD_STRING') && ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING) { if (
defined('MB_OVERLOAD_STRING') &&
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
) {
/** /**
* substr() implementation that isn't brittle to mbstring.func_overload * substr() implementation that isn't brittle to mbstring.func_overload
* *

View File

@ -0,0 +1,64 @@
<?php
/**
* Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects
*
* The MIT License (MIT)
*
* Copyright (c) 2015 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
if (!function_exists('RandomCompat_intval')) {
/**
* Cast to an integer if we can, safely.
*
* If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
* (non-inclusive), it will sanely cast it to an int. If you it's equal to
* ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
* lose precision, so the <= and => operators might accidentally let a float
* through.
*
* @param numeric $number The number we want to convert to an int
* @param boolean $fail_open Set to true to not throw an exception
*
* @return int (or float if $fail_open)
*/
function RandomCompat_intval($number, $fail_open = false)
{
if (is_numeric($number)) {
$number += 0;
}
if (
is_float($number) &&
$number > ~PHP_INT_MAX &&
$number < PHP_INT_MAX
) {
$number = (int) $number;
}
if (is_int($number) || $fail_open) {
return $number;
}
throw new TypeError(
'Expected an integer.'
);
}
}

View File

@ -26,15 +26,9 @@
* SOFTWARE. * SOFTWARE.
*/ */
if (!interface_exists('Throwable', false)) {
interface Throwable
{
}
}
if (!class_exists('Error', false)) { if (!class_exists('Error', false)) {
// We can't really avoid making this extend Exception in PHP 5. // We can't really avoid making this extend Exception in PHP 5.
class Error extends Exception implements Throwable class Error extends Exception
{ {
} }

View File

@ -28,15 +28,18 @@
if (!defined('PHP_VERSION_ID')) { if (!defined('PHP_VERSION_ID')) {
// This constant was introduced in PHP 5.2.7 // This constant was introduced in PHP 5.2.7
$version = explode('.', PHP_VERSION); $RandomCompatversion = explode('.', PHP_VERSION);
define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2])); define('PHP_VERSION_ID', ($RandomCompatversion[0] * 10000 + $RandomCompatversion[1] * 100 + $RandomCompatversion[2]));
unset($RandomCompatversion);
} }
if (PHP_VERSION_ID < 70000) { if (PHP_VERSION_ID < 70000) {
if (!defined('RANDOM_COMPAT_READ_BUFFER')) { if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
define('RANDOM_COMPAT_READ_BUFFER', 8); define('RANDOM_COMPAT_READ_BUFFER', 8);
} }
require_once "byte_safe_strings.php"; $__DIR__ = dirname(__FILE__);
require_once "error_polyfill.php"; require_once $__DIR__.'/byte_safe_strings.php';
require_once $__DIR__.'/cast_to_int.php';
require_once $__DIR__.'/error_polyfill.php';
if (!function_exists('random_bytes')) { if (!function_exists('random_bytes')) {
/** /**
* PHP 5.2.0 - 5.6.x way to implement random_bytes() * PHP 5.2.0 - 5.6.x way to implement random_bytes()
@ -45,26 +48,68 @@ if (PHP_VERSION_ID < 70000) {
* to the operating environment. It's a micro-optimization. * to the operating environment. It's a micro-optimization.
* *
* In order of preference: * In order of preference:
* 1. fread() /dev/urandom if available * 1. Use libsodium if available.
* 2. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV) * 2. fread() /dev/urandom if available (never on Windows)
* 3. COM('CAPICOM.Utilities.1')->GetRandom() * 3. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)
* 4. openssl_random_pseudo_bytes() * 4. COM('CAPICOM.Utilities.1')->GetRandom()
* 5. openssl_random_pseudo_bytes() (absolute last resort)
* *
* See ERRATA.md for our reasoning behind this particular order * See ERRATA.md for our reasoning behind this particular order
*/ */
if (!ini_get('open_basedir') && is_readable('/dev/urandom')) { if (extension_loaded('libsodium')) {
// See random_bytes_libsodium.php
require_once $__DIR__.'/random_bytes_libsodium.php';
}
if (
!function_exists('random_bytes') &&
DIRECTORY_SEPARATOR === '/' &&
@is_readable('/dev/urandom')
) {
// DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
// way to exclude Windows.
//
// Error suppression on is_readable() in case of an open_basedir or
// safe_mode failure. All we care about is whether or not we can
// read it at this point. If the PHP environment is going to panic
// over trying to see if the file can be read in the first place,
// that is not helpful to us here.
// See random_bytes_dev_urandom.php // See random_bytes_dev_urandom.php
require_once "random_bytes_dev_urandom.php"; require_once $__DIR__.'/random_bytes_dev_urandom.php';
} elseif (PHP_VERSION_ID >= 50307 && function_exists('mcrypt_create_iv')) { }
if (
!function_exists('random_bytes') &&
PHP_VERSION_ID >= 50307 &&
extension_loaded('mcrypt')
) {
// See random_bytes_mcrypt.php // See random_bytes_mcrypt.php
require_once "random_bytes_mcrypt.php"; require_once $__DIR__.'/random_bytes_mcrypt.php';
} elseif (extension_loaded('com_dotnet')) { }
if (
!function_exists('random_bytes') &&
extension_loaded('com_dotnet') &&
class_exists('COM')
) {
try {
$RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
// See random_bytes_com_dotnet.php // See random_bytes_com_dotnet.php
require_once "random_bytes_com_dotnet.php"; require_once $__DIR__.'/random_bytes_com_dotnet.php';
} elseif (function_exists('openssl_random_pseudo_bytes')) { }
} catch (com_exception $e) {
// Don't try to use it.
}
unset($RandomCompatCOMtest);
}
if (
!function_exists('random_bytes') &&
extension_loaded('openssl') &&
PHP_VERSION_ID >= 50300
) {
// See random_bytes_openssl.php // See random_bytes_openssl.php
require_once "random_bytes_openssl.php"; require_once $__DIR__.'/random_bytes_openssl.php';
} else { }
if (!function_exists('random_bytes')) {
/** /**
* We don't have any more options, so let's throw an exception right now * We don't have any more options, so let's throw an exception right now
* and hope the developer won't let it fail silently. * and hope the developer won't let it fail silently.
@ -78,6 +123,7 @@ if (PHP_VERSION_ID < 70000) {
} }
} }
if (!function_exists('random_int')) { if (!function_exists('random_int')) {
require_once "random_int.php"; require_once $__DIR__.'/random_int.php';
} }
unset($__DIR__);
} }

View File

@ -39,9 +39,11 @@
*/ */
function random_bytes($bytes) function random_bytes($bytes)
{ {
if (!is_int($bytes)) { try {
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError( throw new TypeError(
'Length must be an integer' 'random_bytes(): $bytes must be an integer'
); );
} }
if ($bytes < 1) { if ($bytes < 1) {

View File

@ -74,9 +74,11 @@ function random_bytes($bytes)
stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER); stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
} }
} }
if (!is_int($bytes)) { try {
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError( throw new TypeError(
'Length must be an integer' 'random_bytes(): $bytes must be an integer'
); );
} }
if ($bytes < 1) { if ($bytes < 1) {

View File

@ -0,0 +1,84 @@
<?php
/**
* Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects
*
* The MIT License (MIT)
*
* Copyright (c) 2015 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
/**
* If the libsodium PHP extension is loaded, we'll use it above any other
* solution.
*
* libsodium-php project:
* @ref https://github.com/jedisct1/libsodium-php
*
* @param int $bytes
*
* @throws Exception
*
* @return string
*/
function random_bytes($bytes)
{
try {
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(
'random_bytes(): $bytes must be an integer'
);
}
if ($bytes < 1) {
throw new Error(
'Length must be greater than 0'
);
}
/**
* \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
* generated in one invocation.
*/
if ($bytes > 2147483647) {
$buf = '';
for ($i = 0; $i < $bytes; $i += 1073741824) {
$n = ($bytes - $i) > 1073741824
? 1073741824
: $bytes - $i;
$buf .= \Sodium\randombytes_buf($n);
}
} else {
$buf = \Sodium\randombytes_buf($bytes);
}
if ($buf !== false) {
if (RandomCompat_strlen($buf) === $bytes) {
return $buf;
}
}
/**
* If we reach here, PHP has failed us.
*/
throw new Exception(
'PHP failed to generate random data.'
);
}

View File

@ -41,9 +41,11 @@
*/ */
function random_bytes($bytes) function random_bytes($bytes)
{ {
if (!is_int($bytes)) { try {
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError( throw new TypeError(
'Length must be an integer' 'random_bytes(): $bytes must be an integer'
); );
} }
if ($bytes < 1) { if ($bytes < 1) {
@ -52,7 +54,7 @@ function random_bytes($bytes)
); );
} }
$buf = mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM); $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
if ($buf !== false) { if ($buf !== false) {
if (RandomCompat_strlen($buf) === $bytes) { if (RandomCompat_strlen($buf) === $bytes) {
/** /**

View File

@ -41,9 +41,11 @@
*/ */
function random_bytes($bytes) function random_bytes($bytes)
{ {
if (!is_int($bytes)) { try {
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError( throw new TypeError(
'Length must be an integer' 'random_bytes(): $bytes must be an integer'
); );
} }
if ($bytes < 1) { if ($bytes < 1) {

View File

@ -40,21 +40,34 @@ function random_int($min, $max)
{ {
/** /**
* Type and input logic checks * Type and input logic checks
*
* If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
* (non-inclusive), it will sanely cast it to an int. If you it's equal to
* ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
* lose precision, so the <= and => operators might accidentally let a float
* through.
*/ */
if (!is_numeric($min)) {
try {
$min = RandomCompat_intval($min);
} catch (TypeError $ex) {
throw new TypeError( throw new TypeError(
'random_int(): $min must be an integer' 'random_int(): $min must be an integer'
); );
} }
if (!is_numeric($max)) { try {
$max = RandomCompat_intval($max);
} catch (TypeError $ex) {
throw new TypeError( throw new TypeError(
'random_int(): $max must be an integer' 'random_int(): $max must be an integer'
); );
} }
$min = (int) $min; /**
$max = (int) $max; * Now that we've verified our weak typing system has given us an integer,
* let's validate the logic then we can move forward with generating random
* integers along a given range.
*/
if ($min > $max) { if ($min > $max) {
throw new Error( throw new Error(
'Minimum value must be less than or equal to the maximum value' 'Minimum value must be less than or equal to the maximum value'
@ -164,7 +177,7 @@ function random_int($min, $max)
/** /**
* If $val overflows to a floating point number, * If $val overflows to a floating point number,
* ... or is larger than $max, * ... or is larger than $max,
* ... or smaller than $int, * ... or smaller than $min,
* then try again. * then try again.
*/ */
} while (!is_int($val) || $val > $max || $val < $min); } while (!is_int($val) || $val > $max || $val < $min);