WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

External Libraries: Update random_compat to version 2.0.21. 

The latest release includes improved compatibility with PHP 8.1, as well as some bug fixes for Windows platforms.

Release notes:
https://github.com/paragonie/random_compat/releases/tag/v2.0.21

For a full list of changes in this update, see the random_compat GitHub:
https://github.com/paragonie/random_compat/compare/v2.0.11...v2.0.21

Follow-up to [42130].

Props jrf, paragoninitiativeenterprises.
Fixes #55181.
Built from https://develop.svn.wordpress.org/trunk@52742


git-svn-id: http://core.svn.wordpress.org/trunk@52331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2022-02-16 21:19:04 +00:00
parent a73446f6ed
commit a5d6245d60
11 changed files with 165 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
wp-includes/random_compat/byte_safe_strings.php
View File

@ -5,7 +5,7 @@
*
* The MIT License (MIT)
*
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@ -28,8 +28,9 @@
if (!is_callable('RandomCompat_strlen')) {
if (
defined('MB_OVERLOAD_STRING') &&
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
defined('MB_OVERLOAD_STRING')
&&
((int) ini_get('mbstring.func_overload')) & MB_OVERLOAD_STRING
) {
/**
* strlen() implementation that isn't brittle to mbstring.func_overload
@ -82,8 +83,8 @@ if (!is_callable('RandomCompat_substr')) {
if (
defined('MB_OVERLOAD_STRING')
&&
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
&&
((int) ini_get('mbstring.func_overload')) & MB_OVERLOAD_STRING
) {
/**
* substr() implementation that isn't brittle to mbstring.func_overload
@ -93,7 +94,7 @@ if (!is_callable('RandomCompat_substr')) {
*
* @param string $binary_string
* @param int $start
* @param int $length (optional)
* @param int|null $length (optional)
*
* @throws TypeError
*
@ -118,6 +119,7 @@ if (!is_callable('RandomCompat_substr')) {
* mb_substr($str, 0, NULL, '8bit') returns an empty string on
* PHP 5.3, so we have to find the length ourselves.
*/
/** @var int $length */
$length = RandomCompat_strlen($binary_string) - $start;
} elseif (!is_int($length)) {
throw new TypeError(
@ -133,7 +135,12 @@ if (!is_callable('RandomCompat_substr')) {
return '';
}
return (string) mb_substr($binary_string, $start, $length, '8bit');
return (string) mb_substr(
(string) $binary_string,
(int) $start,
(int) $length,
'8bit'
);
}
} else {
@ -145,7 +152,7 @@ if (!is_callable('RandomCompat_substr')) {
*
* @param string $binary_string
* @param int $start
* @param int $length (optional)
* @param int|null $length (optional)
*
* @throws TypeError
*
@ -172,10 +179,17 @@ if (!is_callable('RandomCompat_substr')) {
);
}
return (string) substr($binary_string, $start, $length);
return (string) substr(
(string )$binary_string,
(int) $start,
(int) $length
);
}
return (string) substr($binary_string, $start);
return (string) substr(
(string) $binary_string,
(int) $start
);
}
}
}

8
wp-includes/random_compat/cast_to_int.php
View File

@ -5,7 +5,7 @@
*
* The MIT License (MIT)
*
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@ -50,14 +50,16 @@ if (!is_callable('RandomCompat_intval')) {
if (is_int($number) || is_float($number)) {
$number += 0;
} elseif (is_numeric($number)) {
/** @psalm-suppress InvalidOperand */
$number += 0;
}
/** @var int|float $number */
if (
is_float($number)
&&
&&
$number > ~PHP_INT_MAX
&&
&&
$number < PHP_INT_MAX
) {
$number = (int) $number;

2
wp-includes/random_compat/error_polyfill.php
View File

@ -5,7 +5,7 @@
*
* The MIT License (MIT)
*
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal

31
wp-includes/random_compat/random.php
View File

@ -3,12 +3,12 @@
* Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects
*
* @version 2.0.10
* @released 2017-03-13
* @version 2.0.17
* @released 2018-07-04
*
* The MIT License (MIT)
*
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@ -54,9 +54,9 @@ if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
$RandomCompatDIR = dirname(__FILE__);
require_once $RandomCompatDIR . '/byte_safe_strings.php';
require_once $RandomCompatDIR . '/cast_to_int.php';
require_once $RandomCompatDIR . '/error_polyfill.php';
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'byte_safe_strings.php';
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'cast_to_int.php';
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'error_polyfill.php';
if (!is_callable('random_bytes')) {
/**
@ -76,9 +76,9 @@ if (!is_callable('random_bytes')) {
if (extension_loaded('libsodium')) {
// See random_bytes_libsodium.php
if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) {
require_once $RandomCompatDIR . '/random_bytes_libsodium.php';
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_libsodium.php';
} elseif (method_exists('Sodium', 'randombytes_buf')) {
require_once $RandomCompatDIR . '/random_bytes_libsodium_legacy.php';
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_libsodium_legacy.php';
}
}
@ -117,7 +117,7 @@ if (!is_callable('random_bytes')) {
// place, that is not helpful to us here.
// See random_bytes_dev_urandom.php
require_once $RandomCompatDIR . '/random_bytes_dev_urandom.php';
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_dev_urandom.php';
}
// Unset variables after use
$RandomCompat_basedir = null;
@ -159,7 +159,7 @@ if (!is_callable('random_bytes')) {
extension_loaded('mcrypt')
) {
// See random_bytes_mcrypt.php
require_once $RandomCompatDIR . '/random_bytes_mcrypt.php';
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_mcrypt.php';
}
$RandomCompatUrandom = null;
@ -182,9 +182,10 @@ if (!is_callable('random_bytes')) {
if (!in_array('com', $RandomCompat_disabled_classes)) {
try {
$RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
/** @psalm-suppress TypeDoesNotContainType */
if (is_callable(array($RandomCompatCOMtest, 'GetRandom'))) {
// See random_bytes_com_dotnet.php
require_once $RandomCompatDIR . '/random_bytes_com_dotnet.php';
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_bytes_com_dotnet.php';
}
} catch (com_exception $e) {
// Don't try to use it.
@ -203,8 +204,9 @@ if (!is_callable('random_bytes')) {
* and hope the developer won't let it fail silently.
*
* @param mixed $length
* @return void
* @psalm-suppress InvalidReturnType
* @throws Exception
* @return string
*/
function random_bytes($length)
{
@ -212,12 +214,13 @@ if (!is_callable('random_bytes')) {
throw new Exception(
'There is no suitable CSPRNG installed on your system'
);
return '';
}
}
}
if (!is_callable('random_int')) {
require_once $RandomCompatDIR . '/random_int.php';
require_once $RandomCompatDIR.DIRECTORY_SEPARATOR.'random_int.php';
}
$RandomCompatDIR = null;

9
wp-includes/random_compat/random_bytes_com_dotnet.php
View File

@ -5,7 +5,7 @@
*
* The MIT License (MIT)
*
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@ -41,6 +41,7 @@ if (!is_callable('random_bytes')) {
function random_bytes($bytes)
{
try {
/** @var int $bytes */
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(
@ -54,12 +55,14 @@ if (!is_callable('random_bytes')) {
);
}
/** @var string $buf */
$buf = '';
if (!class_exists('COM')) {
throw new Error(
'COM does not exist'
);
}
/** @var COM $util */
$util = new COM('CAPICOM.Utilities.1');
$execCount = 0;
@ -68,12 +71,12 @@ if (!is_callable('random_bytes')) {
* get N bytes of random data, then CAPICOM has failed us.
*/
do {
$buf .= base64_decode($util->GetRandom($bytes, 0));
$buf .= base64_decode((string) $util->GetRandom($bytes, 0));
if (RandomCompat_strlen($buf) >= $bytes) {
/**
* Return our random entropy buffer here:
*/
return RandomCompat_substr($buf, 0, $bytes);
return (string) RandomCompat_substr($buf, 0, $bytes);
}
++$execCount;
} while ($execCount < $bytes);

69
wp-includes/random_compat/random_bytes_dev_urandom.php
View File

@ -5,7 +5,7 @@
*
* The MIT License (MIT)
*
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@ -36,6 +36,7 @@ if (!is_callable('random_bytes')) {
* random numbers in accordance with best practices
*
* Why we use /dev/urandom and not /dev/random
* @ref https://www.2uo.de/myths-about-urandom
* @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
*
* @param int $bytes
@ -46,25 +47,47 @@ if (!is_callable('random_bytes')) {
*/
function random_bytes($bytes)
{
/** @var resource $fp */
static $fp = null;
/**
* This block should only be run once
*/
if (empty($fp)) {
/**
* We use /dev/urandom if it is a char device.
* We never fall back to /dev/random
* We don't want to ever read C:\dev\random, only /dev/urandom on
* Unix-like operating systems. While we guard against this
* condition in random.php, it doesn't hurt to be defensive in depth
* here.
*
* To that end, we only try to open /dev/urandom if we're on a Unix-
* like operating system (which means the directory separator is set
* to "/" not "\".
*/
$fp = fopen('/dev/urandom', 'rb');
if (!empty($fp)) {
$st = fstat($fp);
if (($st['mode'] & 0170000) !== 020000) {
fclose($fp);
$fp = false;
if (DIRECTORY_SEPARATOR === '/') {
if (!is_readable('/dev/urandom')) {
throw new Exception(
'Environment misconfiguration: ' .
'/dev/urandom cannot be read.'
);
}
/**
* We use /dev/urandom if it is a char device.
* We never fall back to /dev/random
*/
/** @var resource|bool $fp */
$fp = fopen('/dev/urandom', 'rb');
if (is_resource($fp)) {
/** @var array<string, int> $st */
$st = fstat($fp);
if (($st['mode'] & 0170000) !== 020000) {
fclose($fp);
$fp = false;
}
}
}
if (!empty($fp)) {
if (is_resource($fp)) {
/**
* stream_set_read_buffer() does not exist in HHVM
*
@ -83,6 +106,7 @@ if (!is_callable('random_bytes')) {
}
try {
/** @var int $bytes */
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(
@ -103,7 +127,7 @@ if (!is_callable('random_bytes')) {
* if (empty($fp)) line is logic that should only be run once per
* page load.
*/
if (!empty($fp)) {
if (is_resource($fp)) {
/**
* @var int
*/
@ -123,29 +147,28 @@ if (!is_callable('random_bytes')) {
*/
$read = fread($fp, $remaining);
if (!is_string($read)) {
if ($read === false) {
/**
* We cannot safely read from the file. Exit the
* do-while loop and trigger the exception condition
*
* @var string|bool
*/
$buf = false;
break;
}
/**
* We cannot safely read from the file. Exit the
* do-while loop and trigger the exception condition
*
* @var string|bool
*/
$buf = false;
break;
}
/**
* Decrease the number of bytes returned from remaining
*/
$remaining -= RandomCompat_strlen($read);
/**
* @var string|bool
* @var string $buf
*/
$buf = $buf . $read;
$buf .= $read;
} while ($remaining > 0);
/**
* Is our result valid?
* @var string|bool $buf
*/
if (is_string($buf)) {
if (RandomCompat_strlen($buf) === $bytes) {

7
wp-includes/random_compat/random_bytes_libsodium.php
View File

@ -5,7 +5,7 @@
*
* The MIT License (MIT)
*
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@ -43,6 +43,7 @@ if (!is_callable('random_bytes')) {
function random_bytes($bytes)
{
try {
/** @var int $bytes */
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(
@ -60,6 +61,7 @@ if (!is_callable('random_bytes')) {
* \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
* generated in one invocation.
*/
/** @var string|bool $buf */
if ($bytes > 2147483647) {
$buf = '';
for ($i = 0; $i < $bytes; $i += 1073741824) {
@ -69,10 +71,11 @@ if (!is_callable('random_bytes')) {
$buf .= \Sodium\randombytes_buf($n);
}
} else {
/** @var string|bool $buf */
$buf = \Sodium\randombytes_buf($bytes);
}
if ($buf !== false) {
if (is_string($buf)) {
if (RandomCompat_strlen($buf) === $bytes) {
return $buf;
}

3
wp-includes/random_compat/random_bytes_libsodium_legacy.php
View File

@ -5,7 +5,7 @@
*
* The MIT License (MIT)
*
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@ -43,6 +43,7 @@ if (!is_callable('random_bytes')) {
function random_bytes($bytes)
{
try {
/** @var int $bytes */
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(

10
wp-includes/random_compat/random_bytes_mcrypt.php
View File

@ -5,7 +5,7 @@
*
* The MIT License (MIT)
*
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@ -42,6 +42,7 @@ if (!is_callable('random_bytes')) {
function random_bytes($bytes)
{
try {
/** @var int $bytes */
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(
@ -55,10 +56,11 @@ if (!is_callable('random_bytes')) {
);
}
$buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
/** @var string|bool $buf */
$buf = @mcrypt_create_iv((int) $bytes, (int) MCRYPT_DEV_URANDOM);
if (
$buf !== false
&&
is_string($buf)
&&
RandomCompat_strlen($buf) === $bytes
) {
/**

16
wp-includes/random_compat/random_int.php
View File

@ -7,7 +7,7 @@ if (!is_callable('random_int')) {
*
* The MIT License (MIT)
*
* Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@ -51,6 +51,7 @@ if (!is_callable('random_int')) {
*/
try {
/** @var int $min */
$min = RandomCompat_intval($min);
} catch (TypeError $ex) {
throw new TypeError(
@ -59,6 +60,7 @@ if (!is_callable('random_int')) {
}
try {
/** @var int $max */
$max = RandomCompat_intval($max);
} catch (TypeError $ex) {
throw new TypeError(
@ -90,11 +92,18 @@ if (!is_callable('random_int')) {
* so we can minimize the number of discards
*/
$attempts = $bits = $bytes = $mask = $valueShift = 0;
/** @var int $attempts */
/** @var int $bits */
/** @var int $bytes */
/** @var int $mask */
/** @var int $valueShift */
/**
* At this point, $range is a positive number greater than 0. It might
* overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
* a float and we will lose some precision.
*
* @var int|float $range
*/
$range = $max - $min;
@ -115,6 +124,7 @@ if (!is_callable('random_int')) {
* @ref http://3v4l.org/XX9r5 (64-bit)
*/
$bytes = PHP_INT_SIZE;
/** @var int $mask */
$mask = ~0;
} else {
@ -129,16 +139,19 @@ if (!is_callable('random_int')) {
}
++$bits;
$range >>= 1;
/** @var int $mask */
$mask = $mask << 1 | 1;
}
$valueShift = $min;
}
/** @var int $val */
$val = 0;
/**
* Now that we have our parameters set up, let's begin generating
* random integers until one falls between $min and $max
*/
/** @psalm-suppress RedundantCondition */
do {
/**
* The rejection probability is at most 0.5, so this corresponds
@ -169,6 +182,7 @@ if (!is_callable('random_int')) {
for ($i = 0; $i < $bytes; ++$i) {
$val |= ord($randomByteString[$i]) << ($i * 8);
}
/** @var int $val */
/**
* Apply mask

2
wp-includes/version.php
View File

@ -16,7 +16,7 @@
*
* @global string $wp_version
*/
$wp_version = '6.0-alpha-52741';
$wp_version = '6.0-alpha-52742';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.