Update to Random_Compat 1.0.9.
This update includes fixes for Windows support & libSodium support, and removes the `Throwable` Polyfill due to PHP7 incompatibilities. Fixes #28633 Built from https://develop.svn.wordpress.org/trunk@35365 git-svn-id: http://core.svn.wordpress.org/trunk@35330 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
a49062c2db
commit
53afc72ab7
|
@ -2188,7 +2188,7 @@ function wp_rand( $min = 0, $max = 0 ) {
|
||||||
} else {
|
} else {
|
||||||
$use_random_int_functionality = false;
|
$use_random_int_functionality = false;
|
||||||
}
|
}
|
||||||
} catch ( Throwable $t ) {
|
} catch ( Error $e ) {
|
||||||
$use_random_int_functionality = false;
|
$use_random_int_functionality = false;
|
||||||
} catch ( Exception $e ) {
|
} catch ( Exception $e ) {
|
||||||
$use_random_int_functionality = false;
|
$use_random_int_functionality = false;
|
||||||
|
|
|
@ -27,7 +27,10 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (!function_exists('RandomCompat_strlen')) {
|
if (!function_exists('RandomCompat_strlen')) {
|
||||||
if (defined('MB_OVERLOAD_STRING') && ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING) {
|
if (
|
||||||
|
defined('MB_OVERLOAD_STRING') &&
|
||||||
|
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
|
||||||
|
) {
|
||||||
/**
|
/**
|
||||||
* strlen() implementation that isn't brittle to mbstring.func_overload
|
* strlen() implementation that isn't brittle to mbstring.func_overload
|
||||||
*
|
*
|
||||||
|
@ -74,7 +77,10 @@ if (!function_exists('RandomCompat_strlen')) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!function_exists('RandomCompat_substr')) {
|
if (!function_exists('RandomCompat_substr')) {
|
||||||
if (defined('MB_OVERLOAD_STRING') && ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING) {
|
if (
|
||||||
|
defined('MB_OVERLOAD_STRING') &&
|
||||||
|
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
|
||||||
|
) {
|
||||||
/**
|
/**
|
||||||
* substr() implementation that isn't brittle to mbstring.func_overload
|
* substr() implementation that isn't brittle to mbstring.func_overload
|
||||||
*
|
*
|
||||||
|
|
|
@ -0,0 +1,64 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* Random_* Compatibility Library
|
||||||
|
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||||
|
*
|
||||||
|
* The MIT License (MIT)
|
||||||
|
*
|
||||||
|
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||||
|
*
|
||||||
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
* of this software and associated documentation files (the "Software"), to deal
|
||||||
|
* in the Software without restriction, including without limitation the rights
|
||||||
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
* copies of the Software, and to permit persons to whom the Software is
|
||||||
|
* furnished to do so, subject to the following conditions:
|
||||||
|
*
|
||||||
|
* The above copyright notice and this permission notice shall be included in
|
||||||
|
* all copies or substantial portions of the Software.
|
||||||
|
*
|
||||||
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
|
* SOFTWARE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
if (!function_exists('RandomCompat_intval')) {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Cast to an integer if we can, safely.
|
||||||
|
*
|
||||||
|
* If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
|
||||||
|
* (non-inclusive), it will sanely cast it to an int. If you it's equal to
|
||||||
|
* ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
|
||||||
|
* lose precision, so the <= and => operators might accidentally let a float
|
||||||
|
* through.
|
||||||
|
*
|
||||||
|
* @param numeric $number The number we want to convert to an int
|
||||||
|
* @param boolean $fail_open Set to true to not throw an exception
|
||||||
|
*
|
||||||
|
* @return int (or float if $fail_open)
|
||||||
|
*/
|
||||||
|
function RandomCompat_intval($number, $fail_open = false)
|
||||||
|
{
|
||||||
|
if (is_numeric($number)) {
|
||||||
|
$number += 0;
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
is_float($number) &&
|
||||||
|
$number > ~PHP_INT_MAX &&
|
||||||
|
$number < PHP_INT_MAX
|
||||||
|
) {
|
||||||
|
$number = (int) $number;
|
||||||
|
}
|
||||||
|
if (is_int($number) || $fail_open) {
|
||||||
|
return $number;
|
||||||
|
}
|
||||||
|
throw new TypeError(
|
||||||
|
'Expected an integer.'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
|
@ -26,15 +26,9 @@
|
||||||
* SOFTWARE.
|
* SOFTWARE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (!interface_exists('Throwable', false)) {
|
|
||||||
interface Throwable
|
|
||||||
{
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!class_exists('Error', false)) {
|
if (!class_exists('Error', false)) {
|
||||||
// We can't really avoid making this extend Exception in PHP 5.
|
// We can't really avoid making this extend Exception in PHP 5.
|
||||||
class Error extends Exception implements Throwable
|
class Error extends Exception
|
||||||
{
|
{
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,15 +28,18 @@
|
||||||
|
|
||||||
if (!defined('PHP_VERSION_ID')) {
|
if (!defined('PHP_VERSION_ID')) {
|
||||||
// This constant was introduced in PHP 5.2.7
|
// This constant was introduced in PHP 5.2.7
|
||||||
$version = explode('.', PHP_VERSION);
|
$RandomCompatversion = explode('.', PHP_VERSION);
|
||||||
define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2]));
|
define('PHP_VERSION_ID', ($RandomCompatversion[0] * 10000 + $RandomCompatversion[1] * 100 + $RandomCompatversion[2]));
|
||||||
|
unset($RandomCompatversion);
|
||||||
}
|
}
|
||||||
if (PHP_VERSION_ID < 70000) {
|
if (PHP_VERSION_ID < 70000) {
|
||||||
if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
|
if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
|
||||||
define('RANDOM_COMPAT_READ_BUFFER', 8);
|
define('RANDOM_COMPAT_READ_BUFFER', 8);
|
||||||
}
|
}
|
||||||
require_once "byte_safe_strings.php";
|
$__DIR__ = dirname(__FILE__);
|
||||||
require_once "error_polyfill.php";
|
require_once $__DIR__.'/byte_safe_strings.php';
|
||||||
|
require_once $__DIR__.'/cast_to_int.php';
|
||||||
|
require_once $__DIR__.'/error_polyfill.php';
|
||||||
if (!function_exists('random_bytes')) {
|
if (!function_exists('random_bytes')) {
|
||||||
/**
|
/**
|
||||||
* PHP 5.2.0 - 5.6.x way to implement random_bytes()
|
* PHP 5.2.0 - 5.6.x way to implement random_bytes()
|
||||||
|
@ -45,26 +48,68 @@ if (PHP_VERSION_ID < 70000) {
|
||||||
* to the operating environment. It's a micro-optimization.
|
* to the operating environment. It's a micro-optimization.
|
||||||
*
|
*
|
||||||
* In order of preference:
|
* In order of preference:
|
||||||
* 1. fread() /dev/urandom if available
|
* 1. Use libsodium if available.
|
||||||
* 2. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)
|
* 2. fread() /dev/urandom if available (never on Windows)
|
||||||
* 3. COM('CAPICOM.Utilities.1')->GetRandom()
|
* 3. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)
|
||||||
* 4. openssl_random_pseudo_bytes()
|
* 4. COM('CAPICOM.Utilities.1')->GetRandom()
|
||||||
|
* 5. openssl_random_pseudo_bytes() (absolute last resort)
|
||||||
*
|
*
|
||||||
* See ERRATA.md for our reasoning behind this particular order
|
* See ERRATA.md for our reasoning behind this particular order
|
||||||
*/
|
*/
|
||||||
if (!ini_get('open_basedir') && is_readable('/dev/urandom')) {
|
if (extension_loaded('libsodium')) {
|
||||||
|
// See random_bytes_libsodium.php
|
||||||
|
require_once $__DIR__.'/random_bytes_libsodium.php';
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
!function_exists('random_bytes') &&
|
||||||
|
DIRECTORY_SEPARATOR === '/' &&
|
||||||
|
@is_readable('/dev/urandom')
|
||||||
|
) {
|
||||||
|
// DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
|
||||||
|
// way to exclude Windows.
|
||||||
|
//
|
||||||
|
// Error suppression on is_readable() in case of an open_basedir or
|
||||||
|
// safe_mode failure. All we care about is whether or not we can
|
||||||
|
// read it at this point. If the PHP environment is going to panic
|
||||||
|
// over trying to see if the file can be read in the first place,
|
||||||
|
// that is not helpful to us here.
|
||||||
|
|
||||||
// See random_bytes_dev_urandom.php
|
// See random_bytes_dev_urandom.php
|
||||||
require_once "random_bytes_dev_urandom.php";
|
require_once $__DIR__.'/random_bytes_dev_urandom.php';
|
||||||
} elseif (PHP_VERSION_ID >= 50307 && function_exists('mcrypt_create_iv')) {
|
}
|
||||||
|
if (
|
||||||
|
!function_exists('random_bytes') &&
|
||||||
|
PHP_VERSION_ID >= 50307 &&
|
||||||
|
extension_loaded('mcrypt')
|
||||||
|
) {
|
||||||
// See random_bytes_mcrypt.php
|
// See random_bytes_mcrypt.php
|
||||||
require_once "random_bytes_mcrypt.php";
|
require_once $__DIR__.'/random_bytes_mcrypt.php';
|
||||||
} elseif (extension_loaded('com_dotnet')) {
|
}
|
||||||
|
if (
|
||||||
|
!function_exists('random_bytes') &&
|
||||||
|
extension_loaded('com_dotnet') &&
|
||||||
|
class_exists('COM')
|
||||||
|
) {
|
||||||
|
try {
|
||||||
|
$RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
|
||||||
|
if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
|
||||||
// See random_bytes_com_dotnet.php
|
// See random_bytes_com_dotnet.php
|
||||||
require_once "random_bytes_com_dotnet.php";
|
require_once $__DIR__.'/random_bytes_com_dotnet.php';
|
||||||
} elseif (function_exists('openssl_random_pseudo_bytes')) {
|
}
|
||||||
|
} catch (com_exception $e) {
|
||||||
|
// Don't try to use it.
|
||||||
|
}
|
||||||
|
unset($RandomCompatCOMtest);
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
!function_exists('random_bytes') &&
|
||||||
|
extension_loaded('openssl') &&
|
||||||
|
PHP_VERSION_ID >= 50300
|
||||||
|
) {
|
||||||
// See random_bytes_openssl.php
|
// See random_bytes_openssl.php
|
||||||
require_once "random_bytes_openssl.php";
|
require_once $__DIR__.'/random_bytes_openssl.php';
|
||||||
} else {
|
}
|
||||||
|
if (!function_exists('random_bytes')) {
|
||||||
/**
|
/**
|
||||||
* We don't have any more options, so let's throw an exception right now
|
* We don't have any more options, so let's throw an exception right now
|
||||||
* and hope the developer won't let it fail silently.
|
* and hope the developer won't let it fail silently.
|
||||||
|
@ -78,6 +123,7 @@ if (PHP_VERSION_ID < 70000) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!function_exists('random_int')) {
|
if (!function_exists('random_int')) {
|
||||||
require_once "random_int.php";
|
require_once $__DIR__.'/random_int.php';
|
||||||
}
|
}
|
||||||
|
unset($__DIR__);
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,9 +39,11 @@
|
||||||
*/
|
*/
|
||||||
function random_bytes($bytes)
|
function random_bytes($bytes)
|
||||||
{
|
{
|
||||||
if (!is_int($bytes)) {
|
try {
|
||||||
|
$bytes = RandomCompat_intval($bytes);
|
||||||
|
} catch (TypeError $ex) {
|
||||||
throw new TypeError(
|
throw new TypeError(
|
||||||
'Length must be an integer'
|
'random_bytes(): $bytes must be an integer'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
if ($bytes < 1) {
|
if ($bytes < 1) {
|
||||||
|
|
|
@ -74,9 +74,11 @@ function random_bytes($bytes)
|
||||||
stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
|
stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!is_int($bytes)) {
|
try {
|
||||||
|
$bytes = RandomCompat_intval($bytes);
|
||||||
|
} catch (TypeError $ex) {
|
||||||
throw new TypeError(
|
throw new TypeError(
|
||||||
'Length must be an integer'
|
'random_bytes(): $bytes must be an integer'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
if ($bytes < 1) {
|
if ($bytes < 1) {
|
||||||
|
|
|
@ -0,0 +1,84 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* Random_* Compatibility Library
|
||||||
|
* for using the new PHP 7 random_* API in PHP 5 projects
|
||||||
|
*
|
||||||
|
* The MIT License (MIT)
|
||||||
|
*
|
||||||
|
* Copyright (c) 2015 Paragon Initiative Enterprises
|
||||||
|
*
|
||||||
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
* of this software and associated documentation files (the "Software"), to deal
|
||||||
|
* in the Software without restriction, including without limitation the rights
|
||||||
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
* copies of the Software, and to permit persons to whom the Software is
|
||||||
|
* furnished to do so, subject to the following conditions:
|
||||||
|
*
|
||||||
|
* The above copyright notice and this permission notice shall be included in
|
||||||
|
* all copies or substantial portions of the Software.
|
||||||
|
*
|
||||||
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
|
* SOFTWARE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* If the libsodium PHP extension is loaded, we'll use it above any other
|
||||||
|
* solution.
|
||||||
|
*
|
||||||
|
* libsodium-php project:
|
||||||
|
* @ref https://github.com/jedisct1/libsodium-php
|
||||||
|
*
|
||||||
|
* @param int $bytes
|
||||||
|
*
|
||||||
|
* @throws Exception
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
function random_bytes($bytes)
|
||||||
|
{
|
||||||
|
try {
|
||||||
|
$bytes = RandomCompat_intval($bytes);
|
||||||
|
} catch (TypeError $ex) {
|
||||||
|
throw new TypeError(
|
||||||
|
'random_bytes(): $bytes must be an integer'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
if ($bytes < 1) {
|
||||||
|
throw new Error(
|
||||||
|
'Length must be greater than 0'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
/**
|
||||||
|
* \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
|
||||||
|
* generated in one invocation.
|
||||||
|
*/
|
||||||
|
if ($bytes > 2147483647) {
|
||||||
|
$buf = '';
|
||||||
|
for ($i = 0; $i < $bytes; $i += 1073741824) {
|
||||||
|
$n = ($bytes - $i) > 1073741824
|
||||||
|
? 1073741824
|
||||||
|
: $bytes - $i;
|
||||||
|
$buf .= \Sodium\randombytes_buf($n);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$buf = \Sodium\randombytes_buf($bytes);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($buf !== false) {
|
||||||
|
if (RandomCompat_strlen($buf) === $bytes) {
|
||||||
|
return $buf;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* If we reach here, PHP has failed us.
|
||||||
|
*/
|
||||||
|
throw new Exception(
|
||||||
|
'PHP failed to generate random data.'
|
||||||
|
);
|
||||||
|
}
|
|
@ -41,9 +41,11 @@
|
||||||
*/
|
*/
|
||||||
function random_bytes($bytes)
|
function random_bytes($bytes)
|
||||||
{
|
{
|
||||||
if (!is_int($bytes)) {
|
try {
|
||||||
|
$bytes = RandomCompat_intval($bytes);
|
||||||
|
} catch (TypeError $ex) {
|
||||||
throw new TypeError(
|
throw new TypeError(
|
||||||
'Length must be an integer'
|
'random_bytes(): $bytes must be an integer'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
if ($bytes < 1) {
|
if ($bytes < 1) {
|
||||||
|
@ -52,7 +54,7 @@ function random_bytes($bytes)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$buf = mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
|
$buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
|
||||||
if ($buf !== false) {
|
if ($buf !== false) {
|
||||||
if (RandomCompat_strlen($buf) === $bytes) {
|
if (RandomCompat_strlen($buf) === $bytes) {
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -41,9 +41,11 @@
|
||||||
*/
|
*/
|
||||||
function random_bytes($bytes)
|
function random_bytes($bytes)
|
||||||
{
|
{
|
||||||
if (!is_int($bytes)) {
|
try {
|
||||||
|
$bytes = RandomCompat_intval($bytes);
|
||||||
|
} catch (TypeError $ex) {
|
||||||
throw new TypeError(
|
throw new TypeError(
|
||||||
'Length must be an integer'
|
'random_bytes(): $bytes must be an integer'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
if ($bytes < 1) {
|
if ($bytes < 1) {
|
||||||
|
|
|
@ -40,21 +40,34 @@ function random_int($min, $max)
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* Type and input logic checks
|
* Type and input logic checks
|
||||||
|
*
|
||||||
|
* If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
|
||||||
|
* (non-inclusive), it will sanely cast it to an int. If you it's equal to
|
||||||
|
* ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
|
||||||
|
* lose precision, so the <= and => operators might accidentally let a float
|
||||||
|
* through.
|
||||||
*/
|
*/
|
||||||
if (!is_numeric($min)) {
|
|
||||||
|
try {
|
||||||
|
$min = RandomCompat_intval($min);
|
||||||
|
} catch (TypeError $ex) {
|
||||||
throw new TypeError(
|
throw new TypeError(
|
||||||
'random_int(): $min must be an integer'
|
'random_int(): $min must be an integer'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
if (!is_numeric($max)) {
|
try {
|
||||||
|
$max = RandomCompat_intval($max);
|
||||||
|
} catch (TypeError $ex) {
|
||||||
throw new TypeError(
|
throw new TypeError(
|
||||||
'random_int(): $max must be an integer'
|
'random_int(): $max must be an integer'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$min = (int) $min;
|
/**
|
||||||
$max = (int) $max;
|
* Now that we've verified our weak typing system has given us an integer,
|
||||||
|
* let's validate the logic then we can move forward with generating random
|
||||||
|
* integers along a given range.
|
||||||
|
*/
|
||||||
if ($min > $max) {
|
if ($min > $max) {
|
||||||
throw new Error(
|
throw new Error(
|
||||||
'Minimum value must be less than or equal to the maximum value'
|
'Minimum value must be less than or equal to the maximum value'
|
||||||
|
@ -164,7 +177,7 @@ function random_int($min, $max)
|
||||||
/**
|
/**
|
||||||
* If $val overflows to a floating point number,
|
* If $val overflows to a floating point number,
|
||||||
* ... or is larger than $max,
|
* ... or is larger than $max,
|
||||||
* ... or smaller than $int,
|
* ... or smaller than $min,
|
||||||
* then try again.
|
* then try again.
|
||||||
*/
|
*/
|
||||||
} while (!is_int($val) || $val > $max || $val < $min);
|
} while (!is_int($val) || $val > $max || $val < $min);
|
||||||
|
|
Loading…
Reference in New Issue