<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[35365] trunk/src/wp-includes: Update to Random_Compat 1.0.9.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/35365">35365</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/35365","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>dd32</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2015-10-23 04:21:01 +0000 (Fri, 23 Oct 2015)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Update to Random_Compat 1.0.9.
This update includes fixes for Windows support & libSodium support, and removes the `Throwable` Polyfill due to PHP7 incompatibilities.
Fixes <a href="https://core.trac.wordpress.org/ticket/28633">#28633</a></pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunksrcwpincludespluggablephp">trunk/src/wp-includes/pluggable.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatbyte_safe_stringsphp">trunk/src/wp-includes/random_compat/byte_safe_strings.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compaterror_polyfillphp">trunk/src/wp-includes/random_compat/error_polyfill.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandomphp">trunk/src/wp-includes/random_compat/random.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_com_dotnetphp">trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_dev_urandomphp">trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_mcryptphp">trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_opensslphp">trunk/src/wp-includes/random_compat/random_bytes_openssl.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_intphp">trunk/src/wp-includes/random_compat/random_int.php</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunksrcwpincludesrandom_compatcast_to_intphp">trunk/src/wp-includes/random_compat/cast_to_int.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_libsodiumphp">trunk/src/wp-includes/random_compat/random_bytes_libsodium.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunksrcwpincludespluggablephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/pluggable.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/pluggable.php 2015-10-23 02:00:21 UTC (rev 35364)
+++ trunk/src/wp-includes/pluggable.php 2015-10-23 04:21:01 UTC (rev 35365)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2188,7 +2188,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> } else {
</span><span class="cx" style="display: block; padding: 0 10px"> $use_random_int_functionality = false;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- } catch ( Throwable $t ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ } catch ( Error $e ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> $use_random_int_functionality = false;
</span><span class="cx" style="display: block; padding: 0 10px"> } catch ( Exception $e ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $use_random_int_functionality = false;
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatbyte_safe_stringsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/byte_safe_strings.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/byte_safe_strings.php 2015-10-23 02:00:21 UTC (rev 35364)
+++ trunk/src/wp-includes/random_compat/byte_safe_strings.php 2015-10-23 04:21:01 UTC (rev 35365)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -27,7 +27,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if (!function_exists('RandomCompat_strlen')) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (defined('MB_OVERLOAD_STRING') && ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if (
+ defined('MB_OVERLOAD_STRING') &&
+ ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
+ ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * strlen() implementation that isn't brittle to mbstring.func_overload
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -74,7 +77,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if (!function_exists('RandomCompat_substr')) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (defined('MB_OVERLOAD_STRING') && ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if (
+ defined('MB_OVERLOAD_STRING') &&
+ ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
+ ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * substr() implementation that isn't brittle to mbstring.func_overload
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatcast_to_intphp"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: trunk/src/wp-includes/random_compat/cast_to_int.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/cast_to_int.php (rev 0)
+++ trunk/src/wp-includes/random_compat/cast_to_int.php 2015-10-23 04:21:01 UTC (rev 35365)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,64 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+if (!function_exists('RandomCompat_intval')) {
+
+ /**
+ * Cast to an integer if we can, safely.
+ *
+ * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
+ * (non-inclusive), it will sanely cast it to an int. If you it's equal to
+ * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
+ * lose precision, so the <= and => operators might accidentally let a float
+ * through.
+ *
+ * @param numeric $number The number we want to convert to an int
+ * @param boolean $fail_open Set to true to not throw an exception
+ *
+ * @return int (or float if $fail_open)
+ */
+ function RandomCompat_intval($number, $fail_open = false)
+ {
+ if (is_numeric($number)) {
+ $number += 0;
+ }
+ if (
+ is_float($number) &&
+ $number > ~PHP_INT_MAX &&
+ $number < PHP_INT_MAX
+ ) {
+ $number = (int) $number;
+ }
+ if (is_int($number) || $fail_open) {
+ return $number;
+ }
+ throw new TypeError(
+ 'Expected an integer.'
+ );
+ }
+}
</ins></span></pre></div>
<a id="trunksrcwpincludesrandom_compaterror_polyfillphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/error_polyfill.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/error_polyfill.php 2015-10-23 02:00:21 UTC (rev 35364)
+++ trunk/src/wp-includes/random_compat/error_polyfill.php 2015-10-23 04:21:01 UTC (rev 35365)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -26,15 +26,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * SOFTWARE.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-if (!interface_exists('Throwable', false)) {
- interface Throwable
- {
- }
-}
-
</del><span class="cx" style="display: block; padding: 0 10px"> if (!class_exists('Error', false)) {
</span><span class="cx" style="display: block; padding: 0 10px"> // We can't really avoid making this extend Exception in PHP 5.
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- class Error extends Exception implements Throwable
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ class Error extends Exception
</ins><span class="cx" style="display: block; padding: 0 10px"> {
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandomphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/random.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random.php 2015-10-23 02:00:21 UTC (rev 35364)
+++ trunk/src/wp-includes/random_compat/random.php 2015-10-23 04:21:01 UTC (rev 35365)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -28,15 +28,18 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if (!defined('PHP_VERSION_ID')) {
</span><span class="cx" style="display: block; padding: 0 10px"> // This constant was introduced in PHP 5.2.7
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $version = explode('.', PHP_VERSION);
- define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2]));
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $RandomCompatversion = explode('.', PHP_VERSION);
+ define('PHP_VERSION_ID', ($RandomCompatversion[0] * 10000 + $RandomCompatversion[1] * 100 + $RandomCompatversion[2]));
+ unset($RandomCompatversion);
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> if (PHP_VERSION_ID < 70000) {
</span><span class="cx" style="display: block; padding: 0 10px"> if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
</span><span class="cx" style="display: block; padding: 0 10px"> define('RANDOM_COMPAT_READ_BUFFER', 8);
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- require_once "byte_safe_strings.php";
- require_once "error_polyfill.php";
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $__DIR__ = dirname(__FILE__);
+ require_once $__DIR__.'/byte_safe_strings.php';
+ require_once $__DIR__.'/cast_to_int.php';
+ require_once $__DIR__.'/error_polyfill.php';
</ins><span class="cx" style="display: block; padding: 0 10px"> if (!function_exists('random_bytes')) {
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * PHP 5.2.0 - 5.6.x way to implement random_bytes()
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -45,26 +48,68 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * to the operating environment. It's a micro-optimization.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * In order of preference:
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * 1. fread() /dev/urandom if available
- * 2. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)
- * 3. COM('CAPICOM.Utilities.1')->GetRandom()
- * 4. openssl_random_pseudo_bytes()
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * 1. Use libsodium if available.
+ * 2. fread() /dev/urandom if available (never on Windows)
+ * 3. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)
+ * 4. COM('CAPICOM.Utilities.1')->GetRandom()
+ * 5. openssl_random_pseudo_bytes() (absolute last resort)
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * See ERRATA.md for our reasoning behind this particular order
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (!ini_get('open_basedir') && is_readable('/dev/urandom')) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if (extension_loaded('libsodium')) {
+ // See random_bytes_libsodium.php
+ require_once $__DIR__.'/random_bytes_libsodium.php';
+ }
+ if (
+ !function_exists('random_bytes') &&
+ DIRECTORY_SEPARATOR === '/' &&
+ @is_readable('/dev/urandom')
+ ) {
+ // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
+ // way to exclude Windows.
+ //
+ // Error suppression on is_readable() in case of an open_basedir or
+ // safe_mode failure. All we care about is whether or not we can
+ // read it at this point. If the PHP environment is going to panic
+ // over trying to see if the file can be read in the first place,
+ // that is not helpful to us here.
+
</ins><span class="cx" style="display: block; padding: 0 10px"> // See random_bytes_dev_urandom.php
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- require_once "random_bytes_dev_urandom.php";
- } elseif (PHP_VERSION_ID >= 50307 && function_exists('mcrypt_create_iv')) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ require_once $__DIR__.'/random_bytes_dev_urandom.php';
+ }
+ if (
+ !function_exists('random_bytes') &&
+ PHP_VERSION_ID >= 50307 &&
+ extension_loaded('mcrypt')
+ ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> // See random_bytes_mcrypt.php
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- require_once "random_bytes_mcrypt.php";
- } elseif (extension_loaded('com_dotnet')) {
- // See random_bytes_com_dotnet.php
- require_once "random_bytes_com_dotnet.php";
- } elseif (function_exists('openssl_random_pseudo_bytes')) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ require_once $__DIR__.'/random_bytes_mcrypt.php';
+ }
+ if (
+ !function_exists('random_bytes') &&
+ extension_loaded('com_dotnet') &&
+ class_exists('COM')
+ ) {
+ try {
+ $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
+ if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
+ // See random_bytes_com_dotnet.php
+ require_once $__DIR__.'/random_bytes_com_dotnet.php';
+ }
+ } catch (com_exception $e) {
+ // Don't try to use it.
+ }
+ unset($RandomCompatCOMtest);
+ }
+ if (
+ !function_exists('random_bytes') &&
+ extension_loaded('openssl') &&
+ PHP_VERSION_ID >= 50300
+ ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> // See random_bytes_openssl.php
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- require_once "random_bytes_openssl.php";
- } else {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ require_once $__DIR__.'/random_bytes_openssl.php';
+ }
+ if (!function_exists('random_bytes')) {
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * We don't have any more options, so let's throw an exception right now
</span><span class="cx" style="display: block; padding: 0 10px"> * and hope the developer won't let it fail silently.
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -78,6 +123,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> if (!function_exists('random_int')) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- require_once "random_int.php";
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ require_once $__DIR__.'/random_int.php';
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ unset($__DIR__);
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_com_dotnetphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php 2015-10-23 02:00:21 UTC (rev 35364)
+++ trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php 2015-10-23 04:21:01 UTC (rev 35365)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -39,9 +39,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function random_bytes($bytes)
</span><span class="cx" style="display: block; padding: 0 10px"> {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (!is_int($bytes)) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
</ins><span class="cx" style="display: block; padding: 0 10px"> throw new TypeError(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'Length must be an integer'
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'random_bytes(): $bytes must be an integer'
</ins><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> if ($bytes < 1) {
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_dev_urandomphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php 2015-10-23 02:00:21 UTC (rev 35364)
+++ trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php 2015-10-23 04:21:01 UTC (rev 35365)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -74,9 +74,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (!is_int($bytes)) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
</ins><span class="cx" style="display: block; padding: 0 10px"> throw new TypeError(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'Length must be an integer'
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'random_bytes(): $bytes must be an integer'
</ins><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> if ($bytes < 1) {
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_libsodiumphp"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: trunk/src/wp-includes/random_compat/random_bytes_libsodium.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_libsodium.php (rev 0)
+++ trunk/src/wp-includes/random_compat/random_bytes_libsodium.php 2015-10-23 04:21:01 UTC (rev 35365)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,84 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+/**
+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/**
+ * If the libsodium PHP extension is loaded, we'll use it above any other
+ * solution.
+ *
+ * libsodium-php project:
+ * @ref https://github.com/jedisct1/libsodium-php
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+function random_bytes($bytes)
+{
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
+ }
+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
+ /**
+ * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
+ * generated in one invocation.
+ */
+ if ($bytes > 2147483647) {
+ $buf = '';
+ for ($i = 0; $i < $bytes; $i += 1073741824) {
+ $n = ($bytes - $i) > 1073741824
+ ? 1073741824
+ : $bytes - $i;
+ $buf .= \Sodium\randombytes_buf($n);
+ }
+ } else {
+ $buf = \Sodium\randombytes_buf($bytes);
+ }
+
+ if ($buf !== false) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ return $buf;
+ }
+ }
+
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'PHP failed to generate random data.'
+ );
+}
</ins></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_mcryptphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php 2015-10-23 02:00:21 UTC (rev 35364)
+++ trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php 2015-10-23 04:21:01 UTC (rev 35365)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -41,9 +41,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function random_bytes($bytes)
</span><span class="cx" style="display: block; padding: 0 10px"> {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (!is_int($bytes)) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
</ins><span class="cx" style="display: block; padding: 0 10px"> throw new TypeError(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'Length must be an integer'
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'random_bytes(): $bytes must be an integer'
</ins><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> if ($bytes < 1) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -52,7 +54,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $buf = mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
</ins><span class="cx" style="display: block; padding: 0 10px"> if ($buf !== false) {
</span><span class="cx" style="display: block; padding: 0 10px"> if (RandomCompat_strlen($buf) === $bytes) {
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_opensslphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/random_bytes_openssl.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_openssl.php 2015-10-23 02:00:21 UTC (rev 35364)
+++ trunk/src/wp-includes/random_compat/random_bytes_openssl.php 2015-10-23 04:21:01 UTC (rev 35365)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -41,9 +41,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function random_bytes($bytes)
</span><span class="cx" style="display: block; padding: 0 10px"> {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (!is_int($bytes)) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
</ins><span class="cx" style="display: block; padding: 0 10px"> throw new TypeError(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'Length must be an integer'
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'random_bytes(): $bytes must be an integer'
</ins><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> if ($bytes < 1) {
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_intphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/random_int.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_int.php 2015-10-23 02:00:21 UTC (rev 35364)
+++ trunk/src/wp-includes/random_compat/random_int.php 2015-10-23 04:21:01 UTC (rev 35365)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -40,21 +40,34 @@
</span><span class="cx" style="display: block; padding: 0 10px"> {
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Type and input logic checks
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ *
+ * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
+ * (non-inclusive), it will sanely cast it to an int. If you it's equal to
+ * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
+ * lose precision, so the <= and => operators might accidentally let a float
+ * through.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (!is_numeric($min)) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ try {
+ $min = RandomCompat_intval($min);
+ } catch (TypeError $ex) {
</ins><span class="cx" style="display: block; padding: 0 10px"> throw new TypeError(
</span><span class="cx" style="display: block; padding: 0 10px"> 'random_int(): $min must be an integer'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (!is_numeric($max)) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ try {
+ $max = RandomCompat_intval($max);
+ } catch (TypeError $ex) {
</ins><span class="cx" style="display: block; padding: 0 10px"> throw new TypeError(
</span><span class="cx" style="display: block; padding: 0 10px"> 'random_int(): $max must be an integer'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
- $min = (int) $min;
- $max = (int) $max;
-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ /**
+ * Now that we've verified our weak typing system has given us an integer,
+ * let's validate the logic then we can move forward with generating random
+ * integers along a given range.
+ */
</ins><span class="cx" style="display: block; padding: 0 10px"> if ($min > $max) {
</span><span class="cx" style="display: block; padding: 0 10px"> throw new Error(
</span><span class="cx" style="display: block; padding: 0 10px"> 'Minimum value must be less than or equal to the maximum value'
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -164,7 +177,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * If $val overflows to a floating point number,
</span><span class="cx" style="display: block; padding: 0 10px"> * ... or is larger than $max,
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * ... or smaller than $int,
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * ... or smaller than $min,
</ins><span class="cx" style="display: block; padding: 0 10px"> * then try again.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> } while (!is_int($val) || $val > $max || $val < $min);
</span></span></pre>
</div>
</div>
</body>
</html>