<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[34922] trunk/src/wp-includes: Use PHP7's `random_int()` CSPRNG functionality in `wp_rand()` with a fallback to the `random_compat` library for PHP 5.x.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/34922">34922</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/34922","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>dd32</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2015-10-08 00:01:26 +0000 (Thu, 08 Oct 2015)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Use PHP7's `random_int()` CSPRNG functionality in `wp_rand()` with a fallback to the `random_compat` library for PHP 5.x.
`random_compat` offers a set of compatible functions for older versions of PHP, filling in the gap by using other PHP extensions when available.
We still include our existing `wp_rand()` functionality as a fallback for when no proper CSPRNG exists on the system.
Props sarciszewski
See <a href="https://core.trac.wordpress.org/ticket/28633">#28633</a></pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunksrcwpincludescompatphp">trunk/src/wp-includes/compat.php</a></li>
<li><a href="#trunksrcwpincludespluggablephp">trunk/src/wp-includes/pluggable.php</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li>trunk/src/wp-includes/random_compat/</li>
<li><a href="#trunksrcwpincludesrandom_compatbyte_safe_stringsphp">trunk/src/wp-includes/random_compat/byte_safe_strings.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compaterror_polyfillphp">trunk/src/wp-includes/random_compat/error_polyfill.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandomphp">trunk/src/wp-includes/random_compat/random.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_com_dotnetphp">trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_dev_urandomphp">trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_mcryptphp">trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_opensslphp">trunk/src/wp-includes/random_compat/random_bytes_openssl.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_intphp">trunk/src/wp-includes/random_compat/random_int.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunksrcwpincludescompatphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/compat.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/compat.php 2015-10-07 23:53:35 UTC (rev 34921)
+++ trunk/src/wp-includes/compat.php 2015-10-08 00:01:26 UTC (rev 34922)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -332,3 +332,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> public function jsonSerialize();
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+// random_int was introduced in PHP 7.0
+if ( ! function_exists( 'random_int' ) ) {
+ require ABSPATH . WPINC . '/random_compat/random.php';
+}
</ins></span></pre></div>
<a id="trunksrcwpincludespluggablephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/pluggable.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/pluggable.php 2015-10-07 23:53:35 UTC (rev 34921)
+++ trunk/src/wp-includes/pluggable.php 2015-10-08 00:01:26 UTC (rev 34922)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2132,9 +2132,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * Generates a random number
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 2.6.2
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @since 4.4 Uses PHP7 random_int() or the random_compat library if avaialble.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @global string $rnd_value
</span><span class="cx" style="display: block; padding: 0 10px"> * @staticvar string $seed
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @staticvar bool $external_rand_source_available
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @param int $min Lower limit for the generated number
</span><span class="cx" style="display: block; padding: 0 10px"> * @param int $max Upper limit for the generated number
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2143,6 +2145,34 @@
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_rand( $min = 0, $max = 0 ) {
</span><span class="cx" style="display: block; padding: 0 10px"> global $rnd_value;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Some misconfigured 32bit environments (Entropy PHP, for example) truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats.
+ $max_random_number = 3000000000 === 2147483647 ? (float) "4294967295" : 4294967295; // 4294967295 = 0xffffffff
+
+ // We only handle Ints, floats are truncated to their integer value.
+ $min = (int) $min;
+ $max = (int) $max;
+
+ // Use PHP's CSPRNG, or a compatible method
+ static $use_random_int_functionality = true;
+ if ( $use_random_int_functionality ) {
+ try {
+ $_max = ( 0 != $max ) ? $max : $max_random_number;
+ // wp_rand() can accept arguements in either order, PHP cannot.
+ $_max = max( $min, $_max );
+ $_min = min( $min, $_max );
+ $val = random_int( $_min, $_max );
+ if ( false !== $val ) {
+ return absint( $val );
+ } else {
+ $use_random_int_functionality = false;
+ }
+ } catch ( Throwable $t ) {
+ $use_random_int_functionality = false;
+ } catch ( Exception $e ) {
+ $use_random_int_functionality = false;
+ }
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> // Reset $rnd_value after 14 uses
</span><span class="cx" style="display: block; padding: 0 10px"> // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
</span><span class="cx" style="display: block; padding: 0 10px"> if ( strlen($rnd_value) < 8 ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2167,9 +2197,6 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $value = abs(hexdec($value));
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Some misconfigured 32bit environments (Entropy PHP, for example) truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats.
- $max_random_number = 3000000000 === 2147483647 ? (float) "4294967295" : 4294967295; // 4294967295 = 0xffffffff
-
</del><span class="cx" style="display: block; padding: 0 10px"> // Reduce the value to be within the min - max range
</span><span class="cx" style="display: block; padding: 0 10px"> if ( $max != 0 )
</span><span class="cx" style="display: block; padding: 0 10px"> $value = $min + ( $max - $min + 1 ) * $value / ( $max_random_number + 1 );
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatbyte_safe_stringsphp"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: trunk/src/wp-includes/random_compat/byte_safe_strings.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/byte_safe_strings.php (rev 0)
+++ trunk/src/wp-includes/random_compat/byte_safe_strings.php 2015-10-08 00:01:26 UTC (rev 34922)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,154 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!function_exists('RandomCompat_strlen')) {
+ if (defined('MB_OVERLOAD_STRING') && ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING) {
+ /**
+ * strlen() implementation that isn't brittle to mbstring.func_overload
+ *
+ * This version uses mb_strlen() in '8bit' mode to treat strings as raw
+ * binary rather than UTF-8, ISO-8859-1, etc
+ *
+ * @param string $binary_string
+ *
+ * @throws TypeError
+ *
+ * @return int
+ */
+ function RandomCompat_strlen($binary_string)
+ {
+ if (!is_string($binary_string)) {
+ throw new TypeError(
+ 'RandomCompat_strlen() expects a string'
+ );
+ }
+ return mb_strlen($binary_string, '8bit');
+ }
+ } else {
+ /**
+ * strlen() implementation that isn't brittle to mbstring.func_overload
+ *
+ * This version just used the default strlen()
+ *
+ * @param string $binary_string
+ *
+ * @throws TypeError
+ *
+ * @return int
+ */
+ function RandomCompat_strlen($binary_string)
+ {
+ if (!is_string($binary_string)) {
+ throw new TypeError(
+ 'RandomCompat_strlen() expects a string'
+ );
+ }
+ return strlen($binary_string);
+ }
+ }
+}
+
+if (!function_exists('RandomCompat_substr')) {
+ if (defined('MB_OVERLOAD_STRING') && ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING) {
+ /**
+ * substr() implementation that isn't brittle to mbstring.func_overload
+ *
+ * This version uses mb_substr() in '8bit' mode to treat strings as raw
+ * binary rather than UTF-8, ISO-8859-1, etc
+ *
+ * @param string $binary_string
+ * @param int $start
+ * @param int $length (optional)
+ *
+ * @throws TypeError
+ *
+ * @return string
+ */
+ function RandomCompat_substr($binary_string, $start, $length = null)
+ {
+ if (!is_string($binary_string)) {
+ throw new TypeError(
+ 'RandomCompat_substr(): First argument should be a string'
+ );
+ }
+ if (!is_int($start)) {
+ throw new TypeError(
+ 'RandomCompat_substr(): Second argument should be an integer'
+ );
+ }
+ if ($length === null) {
+ /**
+ * mb_substr($str, 0, NULL, '8bit') returns an empty string on
+ * PHP 5.3, so we have to find the length ourselves.
+ */
+ $length = RandomCompat_strlen($length) - $start;
+ } elseif (!is_int($length)) {
+ throw new TypeError(
+ 'RandomCompat_substr(): Third argument should be an integer, or omitted'
+ );
+ }
+ return mb_substr($binary_string, $start, $length, '8bit');
+ }
+ } else {
+ /**
+ * substr() implementation that isn't brittle to mbstring.func_overload
+ *
+ * This version just uses the default substr()
+ *
+ * @param string $binary_string
+ * @param int $start
+ * @param int $length (optional)
+ *
+ * @throws TypeError
+ *
+ * @return string
+ */
+ function RandomCompat_substr($binary_string, $start, $length = null)
+ {
+ if (!is_string($binary_string)) {
+ throw new TypeError(
+ 'RandomCompat_substr(): First argument should be a string'
+ );
+ }
+ if (!is_int($start)) {
+ throw new TypeError(
+ 'RandomCompat_substr(): Second argument should be an integer'
+ );
+ }
+ if ($length !== null) {
+ if (!is_int($length)) {
+ throw new TypeError(
+ 'RandomCompat_substr(): Third argument should be an integer, or omitted'
+ );
+ }
+ return substr($binary_string, $start, $length);
+ }
+ return substr($binary_string, $start);
+ }
+ }
+}
</ins></span></pre></div>
<a id="trunksrcwpincludesrandom_compaterror_polyfillphp"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: trunk/src/wp-includes/random_compat/error_polyfill.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/error_polyfill.php (rev 0)
+++ trunk/src/wp-includes/random_compat/error_polyfill.php 2015-10-08 00:01:26 UTC (rev 34922)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,56 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!interface_exists('Throwable', false)) {
+ interface Throwable
+ {
+ public function getMessage();
+ public function getCode();
+ public function getFile();
+ public function getLine();
+ public function getTrace();
+ public function getTraceAsString();
+ public function getPrevious();
+ public function __toString();
+ }
+}
+
+if (!class_exists('Error', false)) {
+ // We can't really avoid making this extend Exception in PHP 5.
+ class Error extends Exception implements Throwable
+ {
+
+ }
+}
+
+if (!class_exists('TypeError', false)) {
+ class TypeError extends Error
+ {
+
+ }
+}
</ins><span class="cx" style="display: block; padding: 0 10px">\ No newline at end of file
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandomphp"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: trunk/src/wp-includes/random_compat/random.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random.php (rev 0)
+++ trunk/src/wp-includes/random_compat/random.php 2015-10-08 00:01:26 UTC (rev 34922)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,83 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!defined('PHP_VERSION_ID')) {
+ // This constant was introduced in PHP 5.2.7
+ $version = explode('.', PHP_VERSION);
+ define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2]));
+}
+if (PHP_VERSION_ID < 70000) {
+ if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
+ define('RANDOM_COMPAT_READ_BUFFER', 8);
+ }
+ require_once "byte_safe_strings.php";
+ require_once "error_polyfill.php";
+ if (!function_exists('random_bytes')) {
+ /**
+ * PHP 5.2.0 - 5.6.x way to implement random_bytes()
+ *
+ * We use conditional statements here to define the function in accordance
+ * to the operating environment. It's a micro-optimization.
+ *
+ * In order of preference:
+ * 1. fread() /dev/urandom if available
+ * 2. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)
+ * 3. COM('CAPICOM.Utilities.1')->GetRandom()
+ * 4. openssl_random_pseudo_bytes()
+ *
+ * See ERRATA.md for our reasoning behind this particular order
+ */
+ if (!ini_get('open_basedir') && is_readable('/dev/urandom')) {
+ // See random_bytes_dev_urandom.php
+ require_once "random_bytes_dev_urandom.php";
+ } elseif (PHP_VERSION_ID >= 50307 && function_exists('mcrypt_create_iv')) {
+ // See random_bytes_mcrypt.php
+ require_once "random_bytes_mcrypt.php";
+ } elseif (extension_loaded('com_dotnet')) {
+ // See random_bytes_com_dotnet.php
+ require_once "random_bytes_com_dotnet.php";
+ } elseif (function_exists('openssl_random_pseudo_bytes')) {
+ // See random_bytes_openssl.php
+ require_once "random_bytes_openssl.php";
+ } else {
+ /**
+ * We don't have any more options, so let's throw an exception right now
+ * and hope the developer won't let it fail silently.
+ */
+ function random_bytes()
+ {
+ throw new Exception(
+ 'There is no suitable CSPRNG installed on your system'
+ );
+ }
+ }
+ }
+ if (!function_exists('random_int')) {
+ require_once "random_int.php";
+ }
+}
</ins></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_com_dotnetphp"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php (rev 0)
+++ trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php 2015-10-08 00:01:26 UTC (rev 34922)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,75 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/**
+ * Windows with PHP < 5.3.0 will not have the function
+ * openssl_random_pseudo_bytes() available, so let's use
+ * CAPICOM to work around this deficiency.
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+function random_bytes($bytes)
+{
+ if (!is_int($bytes)) {
+ throw new TypeError(
+ 'Length must be an integer'
+ );
+ }
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
+ $buf = '';
+ $util = new COM('CAPICOM.Utilities.1');
+ $execCount = 0;
+ /**
+ * Let's not let it loop forever. If we run N times and fail to
+ * get N bytes of random data, then CAPICOM has failed us.
+ */
+ do {
+ $buf .= base64_decode($util->GetRandom($bytes, 0));
+ if (RandomCompat_strlen($buf) >= $bytes) {
+ /**
+ * Return our random entropy buffer here:
+ */
+ return RandomCompat_substr($buf, 0, $bytes);
+ }
+ ++$execCount;
+ } while ($execCount < $bytes);
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'PHP failed to generate random data.'
+ );
+}
</ins></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_dev_urandomphp"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php (rev 0)
+++ trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php 2015-10-08 00:01:26 UTC (rev 34922)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,135 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
+ define('RANDOM_COMPAT_READ_BUFFER', 8);
+}
+
+/**
+ * Unless open_basedir is enabled, use /dev/urandom for
+ * random numbers in accordance with best practices
+ *
+ * Why we use /dev/urandom and not /dev/random
+ * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+function random_bytes($bytes)
+{
+ static $fp = null;
+ /**
+ * This block should only be run once
+ */
+ if (empty($fp)) {
+ /**
+ * We use /dev/urandom if it is a char device.
+ * We never fall back to /dev/random
+ */
+ $fp = fopen('/dev/urandom', 'rb');
+ if (!empty($fp)) {
+ $st = fstat($fp);
+ if (($st['mode'] & 0170000) !== 020000) {
+ fclose($fp);
+ $fp = false;
+ }
+ }
+ /**
+ * stream_set_read_buffer() does not exist in HHVM
+ *
+ * If we don't set the stream's read buffer to 0, PHP will
+ * internally buffer 8192 bytes, which can waste entropy
+ *
+ * stream_set_read_buffer returns 0 on success
+ */
+ if (!empty($fp) && function_exists('stream_set_read_buffer')) {
+ stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
+ }
+ }
+ if (!is_int($bytes)) {
+ throw new TypeError(
+ 'Length must be an integer'
+ );
+ }
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
+ /**
+ * This if() block only runs if we managed to open a file handle
+ *
+ * It does not belong in an else {} block, because the above
+ * if (empty($fp)) line is logic that should only be run once per
+ * page load.
+ */
+ if (!empty($fp)) {
+ $remaining = $bytes;
+ $buf = '';
+ /**
+ * We use fread() in a loop to protect against partial reads
+ */
+ do {
+ $read = fread($fp, $remaining);
+ if ($read === false) {
+ /**
+ * We cannot safely read from the file. Exit the
+ * do-while loop and trigger the exception condition
+ */
+ $buf = false;
+ break;
+ }
+ /**
+ * Decrease the number of bytes returned from remaining
+ */
+ $remaining -= RandomCompat_strlen($read);
+ $buf .= $read;
+ } while ($remaining > 0);
+
+ /**
+ * Is our result valid?
+ */
+ if ($buf !== false) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ /**
+ * Return our random entropy buffer here:
+ */
+ return $buf;
+ }
+ }
+ }
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'PHP failed to generate random data.'
+ );
+}
</ins></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_mcryptphp"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php (rev 0)
+++ trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php 2015-10-08 00:01:26 UTC (rev 34922)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,70 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+
+/**
+ * Powered by ext/mcrypt (and thankfully NOT libmcrypt)
+ *
+ * @ref https://bugs.php.net/bug.php?id=55169
+ * @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+function random_bytes($bytes)
+{
+ if (!is_int($bytes)) {
+ throw new TypeError(
+ 'Length must be an integer'
+ );
+ }
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
+
+ $buf = mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
+ if ($buf !== false) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ /**
+ * Return our random entropy buffer here:
+ */
+ return $buf;
+ }
+ }
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'PHP failed to generate random data.'
+ );
+}
</ins></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_opensslphp"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: trunk/src/wp-includes/random_compat/random_bytes_openssl.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_openssl.php (rev 0)
+++ trunk/src/wp-includes/random_compat/random_bytes_openssl.php 2015-10-08 00:01:26 UTC (rev 34922)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,74 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/**
+ * Since openssl_random_pseudo_bytes() uses openssl's
+ * RAND_pseudo_bytes() API, which has been marked as deprecated by the
+ * OpenSSL team, this is our last resort before failure.
+ *
+ * @ref https://www.openssl.org/docs/crypto/RAND_bytes.html
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+function random_bytes($bytes)
+{
+ if (!is_int($bytes)) {
+ throw new TypeError(
+ 'Length must be an integer'
+ );
+ }
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
+ $secure = true;
+ /**
+ * $secure is passed by reference. If it's set to false, fail. Note
+ * that this will only return false if this function fails to return
+ * any data.
+ *
+ * @ref https://github.com/paragonie/random_compat/issues/6#issuecomment-119564973
+ */
+ $buf = openssl_random_pseudo_bytes($bytes, $secure);
+ if ($buf !== false && $secure) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ return $buf;
+ }
+ }
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'PHP failed to generate random data.'
+ );
+}
</ins></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_intphp"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: trunk/src/wp-includes/random_compat/random_int.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_int.php (rev 0)
+++ trunk/src/wp-includes/random_compat/random_int.php 2015-10-08 00:01:26 UTC (rev 34922)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,172 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/**
+ * Fetch a random integer between $min and $max inclusive
+ *
+ * @param int $min
+ * @param int $max
+ *
+ * @throws Exception
+ *
+ * @return int
+ */
+function random_int($min, $max)
+{
+ /**
+ * Type and input logic checks
+ */
+ if (!is_numeric($min)) {
+ throw new TypeError(
+ 'random_int(): $min must be an integer'
+ );
+ }
+ if (!is_numeric($max)) {
+ throw new TypeError(
+ 'random_int(): $max must be an integer'
+ );
+ }
+
+ $min = (int) $min;
+ $max = (int) $max;
+
+ if ($min > $max) {
+ throw new Error(
+ 'Minimum value must be less than or equal to the maximum value'
+ );
+ }
+ if ($max === $min) {
+ return $min;
+ }
+
+ /**
+ * Initialize variables to 0
+ *
+ * We want to store:
+ * $bytes => the number of random bytes we need
+ * $mask => an integer bitmask (for use with the &) operator
+ * so we can minimize the number of discards
+ */
+ $attempts = $bits = $bytes = $mask = $valueShift = 0;
+
+ /**
+ * At this point, $range is a positive number greater than 0. It might
+ * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
+ * a float and we will lose some precision.
+ */
+ $range = $max - $min;
+
+ /**
+ * Test for integer overflow:
+ */
+ if (!is_int($range)) {
+ /**
+ * Still safely calculate wider ranges.
+ * Provided by @CodesInChaos, @oittaa
+ *
+ * @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
+ *
+ * We use ~0 as a mask in this case because it generates all 1s
+ *
+ * @ref https://eval.in/400356 (32-bit)
+ * @ref http://3v4l.org/XX9r5 (64-bit)
+ */
+ $bytes = PHP_INT_SIZE;
+ $mask = ~0;
+ } else {
+ /**
+ * $bits is effectively ceil(log($range, 2)) without dealing with
+ * type juggling
+ */
+ while ($range > 0) {
+ if ($bits % 8 === 0) {
+ ++$bytes;
+ }
+ ++$bits;
+ $range >>= 1;
+ $mask = $mask << 1 | 1;
+ }
+ $valueShift = $min;
+ }
+
+ /**
+ * Now that we have our parameters set up, let's begin generating
+ * random integers until one falls between $min and $max
+ */
+ do {
+ /**
+ * The rejection probability is at most 0.5, so this corresponds
+ * to a failure probability of 2^-128 for a working RNG
+ */
+ if ($attempts > 128) {
+ throw new Exception(
+ 'random_int: RNG is broken - too many rejections'
+ );
+ }
+
+ /**
+ * Let's grab the necessary number of random bytes
+ */
+ $randomByteString = random_bytes($bytes);
+ if ($randomByteString === false) {
+ throw new Exception(
+ 'Random number generator failure'
+ );
+ }
+
+ /**
+ * Let's turn $randomByteString into an integer
+ *
+ * This uses bitwise operators (<< and |) to build an integer
+ * out of the values extracted from ord()
+ *
+ * Example: [9F] | [6D] | [32] | [0C] =>
+ * 159 + 27904 + 3276800 + 201326592 =>
+ * 204631455
+ */
+ $val = 0;
+ for ($i = 0; $i < $bytes; ++$i) {
+ $val |= ord($randomByteString[$i]) << ($i * 8);
+ }
+
+ /**
+ * Apply mask
+ */
+ $val &= $mask;
+ $val += $valueShift;
+
+ ++$attempts;
+ /**
+ * If $val overflows to a floating point number,
+ * ... or is larger than $max,
+ * ... or smaller than $int,
+ * then try again.
+ */
+ } while (!is_int($val) || $val > $max || $val < $min);
+ return (int) $val;
+}
</ins></span></pre>
</div>
</div>
</body>
</html>