From ca7a95df36bb1c9adf64328d3b31b4447fa990a8 Mon Sep 17 00:00:00 2001 From: Dion Hulse Date: Mon, 14 Dec 2015 07:46:28 +0000 Subject: [PATCH] Update random_compat to latest master (~1.1.5) Changes: * Checks `disable_classes` for `COM()` before using to avoid PHP Warnings * Uses `stream_set_chunk_size()` to avoid reading 8KiB from `/dev/urandom` unintentionally. See #34948 Built from https://develop.svn.wordpress.org/trunk@35922 git-svn-id: http://core.svn.wordpress.org/trunk@35886 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/random_compat/random.php | 22 ++++++++++------ .../random_bytes_dev_urandom.php | 25 +++++++++++-------- wp-includes/version.php | 2 +- 3 files changed, 31 insertions(+), 18 deletions(-) diff --git a/wp-includes/random_compat/random.php b/wp-includes/random_compat/random.php index d1f7555afa..8898a35bcd 100644 --- a/wp-includes/random_compat/random.php +++ b/wp-includes/random_compat/random.php @@ -90,15 +90,23 @@ if (PHP_VERSION_ID < 70000) { extension_loaded('com_dotnet') && class_exists('COM') ) { - try { - $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1'); - if (method_exists($RandomCompatCOMtest, 'GetRandom')) { - // See random_bytes_com_dotnet.php - require_once $RandomCompatDIR.'/random_bytes_com_dotnet.php'; + $RandomCompat_disabled_classes = preg_split( + '#\s*,\s*#', + strtolower(ini_get('disable_classes')) + ); + + if (!in_array('com', $RandomCompat_disabled_classes)) { + try { + $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1'); + if (method_exists($RandomCompatCOMtest, 'GetRandom')) { + // See random_bytes_com_dotnet.php + require_once $RandomCompatDIR.'/random_bytes_com_dotnet.php'; + } + } catch (com_exception $e) { + // Don't try to use it. } - } catch (com_exception $e) { - // Don't try to use it. } + $RandomCompat_disabled_classes = null; $RandomCompatCOMtest = null; } if ( diff --git a/wp-includes/random_compat/random_bytes_dev_urandom.php b/wp-includes/random_compat/random_bytes_dev_urandom.php index aebcafcf7d..5d07104b3f 100644 --- a/wp-includes/random_compat/random_bytes_dev_urandom.php +++ b/wp-includes/random_compat/random_bytes_dev_urandom.php @@ -62,16 +62,21 @@ function random_bytes($bytes) $fp = false; } } - /** - * stream_set_read_buffer() does not exist in HHVM - * - * If we don't set the stream's read buffer to 0, PHP will - * internally buffer 8192 bytes, which can waste entropy - * - * stream_set_read_buffer returns 0 on success - */ - if (!empty($fp) && function_exists('stream_set_read_buffer')) { - stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER); + if (!empty($fp)) { + /** + * stream_set_read_buffer() does not exist in HHVM + * + * If we don't set the stream's read buffer to 0, PHP will + * internally buffer 8192 bytes, which can waste entropy + * + * stream_set_read_buffer returns 0 on success + */ + if (function_exists('stream_set_read_buffer')) { + stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER); + } + if (function_exists('stream_set_chunk_size')) { + stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER); + } } } try { diff --git a/wp-includes/version.php b/wp-includes/version.php index 90ef388366..27f849fa2b 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.5-alpha-35920'; +$wp_version = '4.5-alpha-35922'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.