<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[42130] trunk/src/wp-includes/random_compat: External Libraries: Update Random_Compat from 1.2.1 to 2.0.11.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/42130">42130</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/42130","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>dd32</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2017-11-08 11:47:04 +0000 (Wed, 08 Nov 2017)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>External Libraries: Update Random_Compat from 1.2.1 to 2.0.11.
Notably this fixes PHP7 parse errors of the files and removes the OpenSSL functionality.
Full Changes: https://github.com/paragonie/random_compat/compare/v1.2.1...v2.0.11
Props jrdelarosa.
See <a href="https://core.trac.wordpress.org/ticket/42439">#42439</a>.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunksrcwpincludesrandom_compatbyte_safe_stringsphp">trunk/src/wp-includes/random_compat/byte_safe_strings.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatcast_to_intphp">trunk/src/wp-includes/random_compat/cast_to_int.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compaterror_polyfillphp">trunk/src/wp-includes/random_compat/error_polyfill.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandomphp">trunk/src/wp-includes/random_compat/random.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_com_dotnetphp">trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_dev_urandomphp">trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_libsodiumphp">trunk/src/wp-includes/random_compat/random_bytes_libsodium.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_libsodium_legacyphp">trunk/src/wp-includes/random_compat/random_bytes_libsodium_legacy.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_mcryptphp">trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php</a></li>
<li><a href="#trunksrcwpincludesrandom_compatrandom_intphp">trunk/src/wp-includes/random_compat/random_int.php</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#trunksrcwpincludesrandom_compatrandom_bytes_opensslphp">trunk/src/wp-includes/random_compat/random_bytes_openssl.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunksrcwpincludesrandom_compatbyte_safe_stringsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/byte_safe_strings.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/byte_safe_strings.php 2017-11-08 08:51:03 UTC (rev 42129)
+++ trunk/src/wp-includes/random_compat/byte_safe_strings.php 2017-11-08 11:47:04 UTC (rev 42130)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -5,7 +5,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * The MIT License (MIT)
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Copyright (c) 2015 Paragon Initiative Enterprises
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * Permission is hereby granted, free of charge, to any person obtaining a copy
</span><span class="cx" style="display: block; padding: 0 10px"> * of this software and associated documentation files (the "Software"), to deal
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -26,7 +26,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * SOFTWARE.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-if (!function_exists('RandomCompat_strlen')) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('RandomCompat_strlen')) {
</ins><span class="cx" style="display: block; padding: 0 10px"> if (
</span><span class="cx" style="display: block; padding: 0 10px"> defined('MB_OVERLOAD_STRING') &&
</span><span class="cx" style="display: block; padding: 0 10px"> ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -51,7 +51,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- return mb_strlen($binary_string, '8bit');
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ return (int) mb_strlen($binary_string, '8bit');
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> } else {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -73,12 +73,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> 'RandomCompat_strlen() expects a string'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- return strlen($binary_string);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ return (int) strlen($binary_string);
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-if (!function_exists('RandomCompat_substr')) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('RandomCompat_substr')) {
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if (
</span><span class="cx" style="display: block; padding: 0 10px"> defined('MB_OVERLOAD_STRING')
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -118,14 +118,22 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * mb_substr($str, 0, NULL, '8bit') returns an empty string on
</span><span class="cx" style="display: block; padding: 0 10px"> * PHP 5.3, so we have to find the length ourselves.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $length = RandomCompat_strlen($length) - $start;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $length = RandomCompat_strlen($binary_string) - $start;
</ins><span class="cx" style="display: block; padding: 0 10px"> } elseif (!is_int($length)) {
</span><span class="cx" style="display: block; padding: 0 10px"> throw new TypeError(
</span><span class="cx" style="display: block; padding: 0 10px"> 'RandomCompat_substr(): Third argument should be an integer, or omitted'
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- return mb_substr($binary_string, $start, $length, '8bit');
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Consistency with PHP's behavior
+ if ($start === RandomCompat_strlen($binary_string) && $length === 0) {
+ return '';
+ }
+ if ($start > RandomCompat_strlen($binary_string)) {
+ return '';
+ }
+
+ return (string) mb_substr($binary_string, $start, $length, '8bit');
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> } else {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -164,10 +172,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- return substr($binary_string, $start, $length);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ return (string) substr($binary_string, $start, $length);
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- return substr($binary_string, $start);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ return (string) substr($binary_string, $start);
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatcast_to_intphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/cast_to_int.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/cast_to_int.php 2017-11-08 08:51:03 UTC (rev 42129)
+++ trunk/src/wp-includes/random_compat/cast_to_int.php 2017-11-08 11:47:04 UTC (rev 42130)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -5,7 +5,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * The MIT License (MIT)
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Copyright (c) 2015 Paragon Initiative Enterprises
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * Permission is hereby granted, free of charge, to any person obtaining a copy
</span><span class="cx" style="display: block; padding: 0 10px"> * of this software and associated documentation files (the "Software"), to deal
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -26,7 +26,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * SOFTWARE.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-if (!function_exists('RandomCompat_intval')) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('RandomCompat_intval')) {
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Cast to an integer if we can, safely.
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -38,16 +38,19 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * through.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @param int|float $number The number we want to convert to an int
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param boolean $fail_open Set to true to not throw an exception
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param bool $fail_open Set to true to not throw an exception
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @return int (or float if $fail_open)
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @return float|int
+ * @psalm-suppress InvalidReturnType
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @throws TypeError
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function RandomCompat_intval($number, $fail_open = false)
</span><span class="cx" style="display: block; padding: 0 10px"> {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (is_numeric($number)) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if (is_int($number) || is_float($number)) {
</ins><span class="cx" style="display: block; padding: 0 10px"> $number += 0;
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ } elseif (is_numeric($number)) {
+ $number += 0;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if (
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -60,12 +63,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $number = (int) $number;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (is_int($number) || $fail_open) {
- return $number;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if (is_int($number)) {
+ return (int) $number;
+ } elseif (!$fail_open) {
+ throw new TypeError(
+ 'Expected an integer.'
+ );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
- throw new TypeError(
- 'Expected an integer.'
- );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ return $number;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compaterror_polyfillphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/error_polyfill.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/error_polyfill.php 2017-11-08 08:51:03 UTC (rev 42129)
+++ trunk/src/wp-includes/random_compat/error_polyfill.php 2017-11-08 11:47:04 UTC (rev 42130)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -4,9 +4,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * for using the new PHP 7 random_* API in PHP 5 projects
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * The MIT License (MIT)
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Copyright (c) 2015 Paragon Initiative Enterprises
- *
</del><span class="cx" style="display: block; padding: 0 10px"> * Permission is hereby granted, free of charge, to any person obtaining a copy
</span><span class="cx" style="display: block; padding: 0 10px"> * of this software and associated documentation files (the "Software"), to deal
</span><span class="cx" style="display: block; padding: 0 10px"> * in the Software without restriction, including without limitation the rights
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -35,8 +35,15 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if (!class_exists('TypeError', false)) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- class TypeError extends Error
- {
-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if (is_subclass_of('Error', 'Exception')) {
+ class TypeError extends Error
+ {
+
+ }
+ } else {
+ class TypeError extends Exception
+ {
+
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandomphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/random.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random.php 2017-11-08 08:51:03 UTC (rev 42129)
+++ trunk/src/wp-includes/random_compat/random.php 2017-11-08 11:47:04 UTC (rev 42130)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -3,12 +3,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * Random_* Compatibility Library
</span><span class="cx" style="display: block; padding: 0 10px"> * for using the new PHP 7 random_* API in PHP 5 projects
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @version 1.2.1
- * @released 2016-02-29
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @version 2.0.10
+ * @released 2017-03-13
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * The MIT License (MIT)
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Copyright (c) 2015 Paragon Initiative Enterprises
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * Permission is hereby granted, free of charge, to any person obtaining a copy
</span><span class="cx" style="display: block; padding: 0 10px"> * of this software and associated documentation files (the "Software"), to deal
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -31,7 +31,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if (!defined('PHP_VERSION_ID')) {
</span><span class="cx" style="display: block; padding: 0 10px"> // This constant was introduced in PHP 5.2.7
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $RandomCompatversion = explode('.', PHP_VERSION);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $RandomCompatversion = array_map('intval', explode('.', PHP_VERSION));
</ins><span class="cx" style="display: block; padding: 0 10px"> define(
</span><span class="cx" style="display: block; padding: 0 10px"> 'PHP_VERSION_ID',
</span><span class="cx" style="display: block; padding: 0 10px"> $RandomCompatversion[0] * 10000
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -41,177 +41,183 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $RandomCompatversion = null;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-if (PHP_VERSION_ID < 70000) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+/**
+ * PHP 7.0.0 and newer have these functions natively.
+ */
+if (PHP_VERSION_ID >= 70000) {
+ return;
+}
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
- define('RANDOM_COMPAT_READ_BUFFER', 8);
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
+ define('RANDOM_COMPAT_READ_BUFFER', 8);
+}
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $RandomCompatDIR = dirname(__FILE__);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+$RandomCompatDIR = dirname(__FILE__);
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- require_once $RandomCompatDIR.'/byte_safe_strings.php';
- require_once $RandomCompatDIR.'/cast_to_int.php';
- require_once $RandomCompatDIR.'/error_polyfill.php';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+require_once $RandomCompatDIR . '/byte_safe_strings.php';
+require_once $RandomCompatDIR . '/cast_to_int.php';
+require_once $RandomCompatDIR . '/error_polyfill.php';
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (!function_exists('random_bytes')) {
- /**
- * PHP 5.2.0 - 5.6.x way to implement random_bytes()
- *
- * We use conditional statements here to define the function in accordance
- * to the operating environment. It's a micro-optimization.
- *
- * In order of preference:
- * 1. Use libsodium if available.
- * 2. fread() /dev/urandom if available (never on Windows)
- * 3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
- * 4. COM('CAPICOM.Utilities.1')->GetRandom()
- * 5. openssl_random_pseudo_bytes() (absolute last resort)
- *
- * See ERRATA.md for our reasoning behind this particular order
- */
- if (extension_loaded('libsodium')) {
- // See random_bytes_libsodium.php
- if (PHP_VERSION_ID >= 50300 && function_exists('\\Sodium\\randombytes_buf')) {
- require_once $RandomCompatDIR.'/random_bytes_libsodium.php';
- } elseif (method_exists('Sodium', 'randombytes_buf')) {
- require_once $RandomCompatDIR.'/random_bytes_libsodium_legacy.php';
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('random_bytes')) {
+ /**
+ * PHP 5.2.0 - 5.6.x way to implement random_bytes()
+ *
+ * We use conditional statements here to define the function in accordance
+ * to the operating environment. It's a micro-optimization.
+ *
+ * In order of preference:
+ * 1. Use libsodium if available.
+ * 2. fread() /dev/urandom if available (never on Windows)
+ * 3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
+ * 4. COM('CAPICOM.Utilities.1')->GetRandom()
+ *
+ * See RATIONALE.md for our reasoning behind this particular order
+ */
+ if (extension_loaded('libsodium')) {
+ // See random_bytes_libsodium.php
+ if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) {
+ require_once $RandomCompatDIR . '/random_bytes_libsodium.php';
+ } elseif (method_exists('Sodium', 'randombytes_buf')) {
+ require_once $RandomCompatDIR . '/random_bytes_libsodium_legacy.php';
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /**
- * Reading directly from /dev/urandom:
- */
- if (DIRECTORY_SEPARATOR === '/') {
- // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
- // way to exclude Windows.
- $RandomCompatUrandom = true;
- $RandomCompat_basedir = ini_get('open_basedir');
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /**
+ * Reading directly from /dev/urandom:
+ */
+ if (DIRECTORY_SEPARATOR === '/') {
+ // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
+ // way to exclude Windows.
+ $RandomCompatUrandom = true;
+ $RandomCompat_basedir = ini_get('open_basedir');
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (!empty($RandomCompat_basedir)) {
- $RandomCompat_open_basedir = explode(
- PATH_SEPARATOR,
- strtolower($RandomCompat_basedir)
- );
- $RandomCompatUrandom = in_array(
- '/dev',
- $RandomCompat_open_basedir
- );
- $RandomCompat_open_basedir = null;
- }
-
- if (
- !function_exists('random_bytes')
- &&
- $RandomCompatUrandom
- &&
- @is_readable('/dev/urandom')
- ) {
- // Error suppression on is_readable() in case of an open_basedir
- // or safe_mode failure. All we care about is whether or not we
- // can read it at this point. If the PHP environment is going to
- // panic over trying to see if the file can be read in the first
- // place, that is not helpful to us here.
-
- // See random_bytes_dev_urandom.php
- require_once $RandomCompatDIR.'/random_bytes_dev_urandom.php';
- }
- // Unset variables after use
- $RandomCompat_basedir = null;
- $RandomCompatUrandom = null;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if (!empty($RandomCompat_basedir)) {
+ $RandomCompat_open_basedir = explode(
+ PATH_SEPARATOR,
+ strtolower($RandomCompat_basedir)
+ );
+ $RandomCompatUrandom = (array() !== array_intersect(
+ array('/dev', '/dev/', '/dev/urandom'),
+ $RandomCompat_open_basedir
+ ));
+ $RandomCompat_open_basedir = null;
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /**
- * mcrypt_create_iv()
- */
</del><span class="cx" style="display: block; padding: 0 10px"> if (
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- !function_exists('random_bytes')
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ !is_callable('random_bytes')
</ins><span class="cx" style="display: block; padding: 0 10px"> &&
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- PHP_VERSION_ID >= 50307
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $RandomCompatUrandom
</ins><span class="cx" style="display: block; padding: 0 10px"> &&
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- extension_loaded('mcrypt')
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ @is_readable('/dev/urandom')
</ins><span class="cx" style="display: block; padding: 0 10px"> ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Prevent this code from hanging indefinitely on non-Windows;
- // see https://bugs.php.net/bug.php?id=69833
- if (
- DIRECTORY_SEPARATOR !== '/' ||
- (PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613)
- ) {
- // See random_bytes_mcrypt.php
- require_once $RandomCompatDIR.'/random_bytes_mcrypt.php';
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Error suppression on is_readable() in case of an open_basedir
+ // or safe_mode failure. All we care about is whether or not we
+ // can read it at this point. If the PHP environment is going to
+ // panic over trying to see if the file can be read in the first
+ // place, that is not helpful to us here.
+
+ // See random_bytes_dev_urandom.php
+ require_once $RandomCompatDIR . '/random_bytes_dev_urandom.php';
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Unset variables after use
+ $RandomCompat_basedir = null;
+ } else {
+ $RandomCompatUrandom = false;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (
- !function_exists('random_bytes')
- &&
- extension_loaded('com_dotnet')
- &&
- class_exists('COM')
- ) {
- $RandomCompat_disabled_classes = preg_split(
- '#\s*,\s*#',
- strtolower(ini_get('disable_classes'))
- );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /**
+ * mcrypt_create_iv()
+ *
+ * We only want to use mcypt_create_iv() if:
+ *
+ * - random_bytes() hasn't already been defined
+ * - the mcrypt extensions is loaded
+ * - One of these two conditions is true:
+ * - We're on Windows (DIRECTORY_SEPARATOR !== '/')
+ * - We're not on Windows and /dev/urandom is readabale
+ * (i.e. we're not in a chroot jail)
+ * - Special case:
+ * - If we're not on Windows, but the PHP version is between
+ * 5.6.10 and 5.6.12, we don't want to use mcrypt. It will
+ * hang indefinitely. This is bad.
+ * - If we're on Windows, we want to use PHP >= 5.3.7 or else
+ * we get insufficient entropy errors.
+ */
+ if (
+ !is_callable('random_bytes')
+ &&
+ // Windows on PHP < 5.3.7 is broken, but non-Windows is not known to be.
+ (DIRECTORY_SEPARATOR === '/' || PHP_VERSION_ID >= 50307)
+ &&
+ // Prevent this code from hanging indefinitely on non-Windows;
+ // see https://bugs.php.net/bug.php?id=69833
+ (
+ DIRECTORY_SEPARATOR !== '/' ||
+ (PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613)
+ )
+ &&
+ extension_loaded('mcrypt')
+ ) {
+ // See random_bytes_mcrypt.php
+ require_once $RandomCompatDIR . '/random_bytes_mcrypt.php';
+ }
+ $RandomCompatUrandom = null;
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (!in_array('com', $RandomCompat_disabled_classes)) {
- try {
- $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
- if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
- // See random_bytes_com_dotnet.php
- require_once $RandomCompatDIR.'/random_bytes_com_dotnet.php';
- }
- } catch (com_exception $e) {
- // Don't try to use it.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /**
+ * This is a Windows-specific fallback, for when the mcrypt extension
+ * isn't loaded.
+ */
+ if (
+ !is_callable('random_bytes')
+ &&
+ extension_loaded('com_dotnet')
+ &&
+ class_exists('COM')
+ ) {
+ $RandomCompat_disabled_classes = preg_split(
+ '#\s*,\s*#',
+ strtolower(ini_get('disable_classes'))
+ );
+
+ if (!in_array('com', $RandomCompat_disabled_classes)) {
+ try {
+ $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
+ if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
+ // See random_bytes_com_dotnet.php
+ require_once $RandomCompatDIR . '/random_bytes_com_dotnet.php';
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ } catch (com_exception $e) {
+ // Don't try to use it.
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $RandomCompat_disabled_classes = null;
- $RandomCompatCOMtest = null;
</del><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $RandomCompat_disabled_classes = null;
+ $RandomCompatCOMtest = null;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /**
+ * throw new Exception
+ */
+ if (!is_callable('random_bytes')) {
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * openssl_random_pseudo_bytes()
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * We don't have any more options, so let's throw an exception right now
+ * and hope the developer won't let it fail silently.
+ *
+ * @param mixed $length
+ * @return void
+ * @throws Exception
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (
- (
- // Unix-like with PHP >= 5.3.0 or
- (
- DIRECTORY_SEPARATOR === '/'
- &&
- PHP_VERSION_ID >= 50300
- )
- ||
- // Windows with PHP >= 5.4.1
- PHP_VERSION_ID >= 50401
- )
- &&
- !function_exists('random_bytes')
- &&
- extension_loaded('openssl')
- ) {
- // See random_bytes_openssl.php
- require_once $RandomCompatDIR.'/random_bytes_openssl.php';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ function random_bytes($length)
+ {
+ unset($length); // Suppress "variable not used" warnings.
+ throw new Exception(
+ 'There is no suitable CSPRNG installed on your system'
+ );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
- /**
- * throw new Exception
- */
- if (!function_exists('random_bytes')) {
- /**
- * We don't have any more options, so let's throw an exception right now
- * and hope the developer won't let it fail silently.
- */
- function random_bytes($length)
- {
- throw new Exception(
- 'There is no suitable CSPRNG installed on your system'
- );
- }
- }
</del><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+}
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (!function_exists('random_int')) {
- require_once $RandomCompatDIR.'/random_int.php';
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('random_int')) {
+ require_once $RandomCompatDIR . '/random_int.php';
+}
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $RandomCompatDIR = null;
-}
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+$RandomCompatDIR = null;
</ins></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_com_dotnetphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php 2017-11-08 08:51:03 UTC (rev 42129)
+++ trunk/src/wp-includes/random_compat/random_bytes_com_dotnet.php 2017-11-08 11:47:04 UTC (rev 42130)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -5,7 +5,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * The MIT License (MIT)
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Copyright (c) 2015 Paragon Initiative Enterprises
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * Permission is hereby granted, free of charge, to any person obtaining a copy
</span><span class="cx" style="display: block; padding: 0 10px"> * of this software and associated documentation files (the "Software"), to deal
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -26,56 +26,63 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * SOFTWARE.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-/**
- * Windows with PHP < 5.3.0 will not have the function
- * openssl_random_pseudo_bytes() available, so let's use
- * CAPICOM to work around this deficiency.
- *
- * @param int $bytes
- *
- * @throws Exception
- *
- * @return string
- */
-function random_bytes($bytes)
-{
- try {
- $bytes = RandomCompat_intval($bytes);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_bytes(): $bytes must be an integer'
- );
- }
-
- if ($bytes < 1) {
- throw new Error(
- 'Length must be greater than 0'
- );
- }
-
- $buf = '';
- $util = new COM('CAPICOM.Utilities.1');
- $execCount = 0;
-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('random_bytes')) {
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Let's not let it loop forever. If we run N times and fail to
- * get N bytes of random data, then CAPICOM has failed us.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Windows with PHP < 5.3.0 will not have the function
+ * openssl_random_pseudo_bytes() available, so let's use
+ * CAPICOM to work around this deficiency.
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- do {
- $buf .= base64_decode($util->GetRandom($bytes, 0));
- if (RandomCompat_strlen($buf) >= $bytes) {
- /**
- * Return our random entropy buffer here:
- */
- return RandomCompat_substr($buf, 0, $bytes);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ function random_bytes($bytes)
+ {
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- ++$execCount;
- } while ($execCount < $bytes);
</del><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /**
- * If we reach here, PHP has failed us.
- */
- throw new Exception(
- 'Could not gather sufficient random data'
- );
-}
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
+
+ $buf = '';
+ if (!class_exists('COM')) {
+ throw new Error(
+ 'COM does not exist'
+ );
+ }
+ $util = new COM('CAPICOM.Utilities.1');
+ $execCount = 0;
+
+ /**
+ * Let's not let it loop forever. If we run N times and fail to
+ * get N bytes of random data, then CAPICOM has failed us.
+ */
+ do {
+ $buf .= base64_decode($util->GetRandom($bytes, 0));
+ if (RandomCompat_strlen($buf) >= $bytes) {
+ /**
+ * Return our random entropy buffer here:
+ */
+ return RandomCompat_substr($buf, 0, $bytes);
+ }
+ ++$execCount;
+ } while ($execCount < $bytes);
+
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'Could not gather sufficient random data'
+ );
+ }
+}
</ins><span class="cx" style="display: block; padding: 0 10px">\ No newline at end of file
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_dev_urandomphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php 2017-11-08 08:51:03 UTC (rev 42129)
+++ trunk/src/wp-includes/random_compat/random_bytes_dev_urandom.php 2017-11-08 11:47:04 UTC (rev 42130)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -4,9 +4,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * for using the new PHP 7 random_* API in PHP 5 projects
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * The MIT License (MIT)
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Copyright (c) 2015 Paragon Initiative Enterprises
- *
</del><span class="cx" style="display: block; padding: 0 10px"> * Permission is hereby granted, free of charge, to any person obtaining a copy
</span><span class="cx" style="display: block; padding: 0 10px"> * of this software and associated documentation files (the "Software"), to deal
</span><span class="cx" style="display: block; padding: 0 10px"> * in the Software without restriction, including without limitation the rights
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -30,119 +30,138 @@
</span><span class="cx" style="display: block; padding: 0 10px"> define('RANDOM_COMPAT_READ_BUFFER', 8);
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-/**
- * Unless open_basedir is enabled, use /dev/urandom for
- * random numbers in accordance with best practices
- *
- * Why we use /dev/urandom and not /dev/random
- * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
- *
- * @param int $bytes
- *
- * @throws Exception
- *
- * @return string
- */
-function random_bytes($bytes)
-{
- static $fp = null;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('random_bytes')) {
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * This block should only be run once
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Unless open_basedir is enabled, use /dev/urandom for
+ * random numbers in accordance with best practices
+ *
+ * Why we use /dev/urandom and not /dev/random
+ * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (empty($fp)) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ function random_bytes($bytes)
+ {
+ static $fp = null;
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * We use /dev/urandom if it is a char device.
- * We never fall back to /dev/random
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This block should only be run once
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $fp = fopen('/dev/urandom', 'rb');
- if (!empty($fp)) {
- $st = fstat($fp);
- if (($st['mode'] & 0170000) !== 020000) {
- fclose($fp);
- $fp = false;
- }
- }
-
- if (!empty($fp)) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if (empty($fp)) {
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * stream_set_read_buffer() does not exist in HHVM
- *
- * If we don't set the stream's read buffer to 0, PHP will
- * internally buffer 8192 bytes, which can waste entropy
- *
- * stream_set_read_buffer returns 0 on success
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * We use /dev/urandom if it is a char device.
+ * We never fall back to /dev/random
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (function_exists('stream_set_read_buffer')) {
- stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $fp = fopen('/dev/urandom', 'rb');
+ if (!empty($fp)) {
+ $st = fstat($fp);
+ if (($st['mode'] & 0170000) !== 020000) {
+ fclose($fp);
+ $fp = false;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if (function_exists('stream_set_chunk_size')) {
- stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ if (!empty($fp)) {
+ /**
+ * stream_set_read_buffer() does not exist in HHVM
+ *
+ * If we don't set the stream's read buffer to 0, PHP will
+ * internally buffer 8192 bytes, which can waste entropy
+ *
+ * stream_set_read_buffer returns 0 on success
+ */
+ if (is_callable('stream_set_read_buffer')) {
+ stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
+ }
+ if (is_callable('stream_set_chunk_size')) {
+ stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- }
</del><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- try {
- $bytes = RandomCompat_intval($bytes);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_bytes(): $bytes must be an integer'
- );
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ($bytes < 1) {
- throw new Error(
- 'Length must be greater than 0'
- );
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /**
- * This if() block only runs if we managed to open a file handle
- *
- * It does not belong in an else {} block, because the above
- * if (empty($fp)) line is logic that should only be run once per
- * page load.
- */
- if (!empty($fp)) {
- $remaining = $bytes;
- $buf = '';
-
</del><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * We use fread() in a loop to protect against partial reads
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This if() block only runs if we managed to open a file handle
+ *
+ * It does not belong in an else {} block, because the above
+ * if (empty($fp)) line is logic that should only be run once per
+ * page load.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- do {
- $read = fread($fp, $remaining);
- if ($read === false) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if (!empty($fp)) {
+ /**
+ * @var int
+ */
+ $remaining = $bytes;
+
+ /**
+ * @var string|bool
+ */
+ $buf = '';
+
+ /**
+ * We use fread() in a loop to protect against partial reads
+ */
+ do {
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * We cannot safely read from the file. Exit the
- * do-while loop and trigger the exception condition
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @var string|bool
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $buf = false;
- break;
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $read = fread($fp, $remaining);
+ if (!is_string($read)) {
+ if ($read === false) {
+ /**
+ * We cannot safely read from the file. Exit the
+ * do-while loop and trigger the exception condition
+ *
+ * @var string|bool
+ */
+ $buf = false;
+ break;
+ }
+ }
+ /**
+ * Decrease the number of bytes returned from remaining
+ */
+ $remaining -= RandomCompat_strlen($read);
+ /**
+ * @var string|bool
+ */
+ $buf = $buf . $read;
+ } while ($remaining > 0);
+
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Decrease the number of bytes returned from remaining
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Is our result valid?
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $remaining -= RandomCompat_strlen($read);
- $buf .= $read;
- } while ($remaining > 0);
-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if (is_string($buf)) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ /**
+ * Return our random entropy buffer here:
+ */
+ return $buf;
+ }
+ }
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Is our result valid?
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * If we reach here, PHP has failed us.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ($buf !== false) {
- if (RandomCompat_strlen($buf) === $bytes) {
- /**
- * Return our random entropy buffer here:
- */
- return $buf;
- }
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ throw new Exception(
+ 'Error reading from source device'
+ );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
- /**
- * If we reach here, PHP has failed us.
- */
- throw new Exception(
- 'Error reading from source device'
- );
</del><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_libsodiumphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/random_bytes_libsodium.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_libsodium.php 2017-11-08 08:51:03 UTC (rev 42129)
+++ trunk/src/wp-includes/random_compat/random_bytes_libsodium.php 2017-11-08 11:47:04 UTC (rev 42130)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -4,9 +4,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * for using the new PHP 7 random_* API in PHP 5 projects
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * The MIT License (MIT)
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Copyright (c) 2015 Paragon Initiative Enterprises
- *
</del><span class="cx" style="display: block; padding: 0 10px"> * Permission is hereby granted, free of charge, to any person obtaining a copy
</span><span class="cx" style="display: block; padding: 0 10px"> * of this software and associated documentation files (the "Software"), to deal
</span><span class="cx" style="display: block; padding: 0 10px"> * in the Software without restriction, including without limitation the rights
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -26,61 +26,63 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * SOFTWARE.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-/**
- * If the libsodium PHP extension is loaded, we'll use it above any other
- * solution.
- *
- * libsodium-php project:
- * @ref https://github.com/jedisct1/libsodium-php
- *
- * @param int $bytes
- *
- * @throws Exception
- *
- * @return string
- */
-function random_bytes($bytes)
-{
- try {
- $bytes = RandomCompat_intval($bytes);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_bytes(): $bytes must be an integer'
- );
- }
-
- if ($bytes < 1) {
- throw new Error(
- 'Length must be greater than 0'
- );
- }
-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('random_bytes')) {
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
- * generated in one invocation.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * If the libsodium PHP extension is loaded, we'll use it above any other
+ * solution.
+ *
+ * libsodium-php project:
+ * @ref https://github.com/jedisct1/libsodium-php
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ($bytes > 2147483647) {
- $buf = '';
- for ($i = 0; $i < $bytes; $i += 1073741824) {
- $n = ($bytes - $i) > 1073741824
- ? 1073741824
- : $bytes - $i;
- $buf .= \Sodium\randombytes_buf($n);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ function random_bytes($bytes)
+ {
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- } else {
- $buf = \Sodium\randombytes_buf($bytes);
- }
</del><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ($buf !== false) {
- if (RandomCompat_strlen($buf) === $bytes) {
- return $buf;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ /**
+ * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
+ * generated in one invocation.
+ */
+ if ($bytes > 2147483647) {
+ $buf = '';
+ for ($i = 0; $i < $bytes; $i += 1073741824) {
+ $n = ($bytes - $i) > 1073741824
+ ? 1073741824
+ : $bytes - $i;
+ $buf .= \Sodium\randombytes_buf($n);
+ }
+ } else {
+ $buf = \Sodium\randombytes_buf($bytes);
+ }
+
+ if ($buf !== false) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ return $buf;
+ }
+ }
+
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'Could not gather sufficient random data'
+ );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
- /**
- * If we reach here, PHP has failed us.
- */
- throw new Exception(
- 'Could not gather sufficient random data'
- );
</del><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_libsodium_legacyphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/random_bytes_libsodium_legacy.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_libsodium_legacy.php 2017-11-08 08:51:03 UTC (rev 42129)
+++ trunk/src/wp-includes/random_compat/random_bytes_libsodium_legacy.php 2017-11-08 11:47:04 UTC (rev 42130)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -4,9 +4,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * for using the new PHP 7 random_* API in PHP 5 projects
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * The MIT License (MIT)
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Copyright (c) 2015 Paragon Initiative Enterprises
- *
</del><span class="cx" style="display: block; padding: 0 10px"> * Permission is hereby granted, free of charge, to any person obtaining a copy
</span><span class="cx" style="display: block; padding: 0 10px"> * of this software and associated documentation files (the "Software"), to deal
</span><span class="cx" style="display: block; padding: 0 10px"> * in the Software without restriction, including without limitation the rights
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -26,61 +26,67 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * SOFTWARE.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-/**
- * If the libsodium PHP extension is loaded, we'll use it above any other
- * solution.
- *
- * libsodium-php project:
- * @ref https://github.com/jedisct1/libsodium-php
- *
- * @param int $bytes
- *
- * @throws Exception
- *
- * @return string
- */
-function random_bytes($bytes)
-{
- try {
- $bytes = RandomCompat_intval($bytes);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_bytes(): $bytes must be an integer'
- );
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('random_bytes')) {
+ /**
+ * If the libsodium PHP extension is loaded, we'll use it above any other
+ * solution.
+ *
+ * libsodium-php project:
+ * @ref https://github.com/jedisct1/libsodium-php
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+ function random_bytes($bytes)
+ {
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ($bytes < 1) {
- throw new Error(
- 'Length must be greater than 0'
- );
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /**
- * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
- * generated in one invocation.
- */
- if ($bytes > 2147483647) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /**
+ * @var string
+ */
</ins><span class="cx" style="display: block; padding: 0 10px"> $buf = '';
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- for ($i = 0; $i < $bytes; $i += 1073741824) {
- $n = ($bytes - $i) > 1073741824
- ? 1073741824
- : $bytes - $i;
- $buf .= Sodium::randombytes_buf($n);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ /**
+ * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
+ * generated in one invocation.
+ */
+ if ($bytes > 2147483647) {
+ for ($i = 0; $i < $bytes; $i += 1073741824) {
+ $n = ($bytes - $i) > 1073741824
+ ? 1073741824
+ : $bytes - $i;
+ $buf .= Sodium::randombytes_buf((int) $n);
+ }
+ } else {
+ $buf .= Sodium::randombytes_buf((int) $bytes);
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- } else {
- $buf = Sodium::randombytes_buf($bytes);
- }
</del><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ($buf !== false) {
- if (RandomCompat_strlen($buf) === $bytes) {
- return $buf;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if (is_string($buf)) {
+ if (RandomCompat_strlen($buf) === $bytes) {
+ return $buf;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ /**
+ * If we reach here, PHP has failed us.
+ */
+ throw new Exception(
+ 'Could not gather sufficient random data'
+ );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
- /**
- * If we reach here, PHP has failed us.
- */
- throw new Exception(
- 'Could not gather sufficient random data'
- );
</del><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_mcryptphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php 2017-11-08 08:51:03 UTC (rev 42129)
+++ trunk/src/wp-includes/random_compat/random_bytes_mcrypt.php 2017-11-08 11:47:04 UTC (rev 42130)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -4,9 +4,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * for using the new PHP 7 random_* API in PHP 5 projects
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * The MIT License (MIT)
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Copyright (c) 2015 Paragon Initiative Enterprises
- *
</del><span class="cx" style="display: block; padding: 0 10px"> * Permission is hereby granted, free of charge, to any person obtaining a copy
</span><span class="cx" style="display: block; padding: 0 10px"> * of this software and associated documentation files (the "Software"), to deal
</span><span class="cx" style="display: block; padding: 0 10px"> * in the Software without restriction, including without limitation the rights
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -26,51 +26,52 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * SOFTWARE.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('random_bytes')) {
+ /**
+ * Powered by ext/mcrypt (and thankfully NOT libmcrypt)
+ *
+ * @ref https://bugs.php.net/bug.php?id=55169
+ * @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386
+ *
+ * @param int $bytes
+ *
+ * @throws Exception
+ *
+ * @return string
+ */
+ function random_bytes($bytes)
+ {
+ try {
+ $bytes = RandomCompat_intval($bytes);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_bytes(): $bytes must be an integer'
+ );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-/**
- * Powered by ext/mcrypt (and thankfully NOT libmcrypt)
- *
- * @ref https://bugs.php.net/bug.php?id=55169
- * @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386
- *
- * @param int $bytes
- *
- * @throws Exception
- *
- * @return string
- */
-function random_bytes($bytes)
-{
- try {
- $bytes = RandomCompat_intval($bytes);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_bytes(): $bytes must be an integer'
- );
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ($bytes < 1) {
+ throw new Error(
+ 'Length must be greater than 0'
+ );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ($bytes < 1) {
- throw new Error(
- 'Length must be greater than 0'
- );
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
+ if (
+ $buf !== false
+ &&
+ RandomCompat_strlen($buf) === $bytes
+ ) {
+ /**
+ * Return our random entropy buffer here:
+ */
+ return $buf;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
- if (
- $buf !== false
- &&
- RandomCompat_strlen($buf) === $bytes
- ) {
</del><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Return our random entropy buffer here:
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * If we reach here, PHP has failed us.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- return $buf;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ throw new Exception(
+ 'Could not gather sufficient random data'
+ );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
- /**
- * If we reach here, PHP has failed us.
- */
- throw new Exception(
- 'Could not gather sufficient random data'
- );
</del><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_bytes_opensslphp"></a>
<div class="delfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Deleted: trunk/src/wp-includes/random_compat/random_bytes_openssl.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_bytes_openssl.php 2017-11-08 08:51:03 UTC (rev 42129)
+++ trunk/src/wp-includes/random_compat/random_bytes_openssl.php 2017-11-08 11:47:04 UTC (rev 42130)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1,83 +0,0 @@
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-<?php
-/**
- * Random_* Compatibility Library
- * for using the new PHP 7 random_* API in PHP 5 projects
- *
- * The MIT License (MIT)
- *
- * Copyright (c) 2015 Paragon Initiative Enterprises
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-/**
- * Since openssl_random_pseudo_bytes() uses openssl's
- * RAND_pseudo_bytes() API, which has been marked as deprecated by the
- * OpenSSL team, this is our last resort before failure.
- *
- * @ref https://www.openssl.org/docs/crypto/RAND_bytes.html
- *
- * @param int $bytes
- *
- * @throws Exception
- *
- * @return string
- */
-function random_bytes($bytes)
-{
- try {
- $bytes = RandomCompat_intval($bytes);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_bytes(): $bytes must be an integer'
- );
- }
-
- if ($bytes < 1) {
- throw new Error(
- 'Length must be greater than 0'
- );
- }
-
- /**
- * $secure is passed by reference. If it's set to false, fail. Note
- * that this will only return false if this function fails to return
- * any data.
- *
- * @ref https://github.com/paragonie/random_compat/issues/6#issuecomment-119564973
- */
- $secure = true;
- $buf = openssl_random_pseudo_bytes($bytes, $secure);
- if (
- $buf !== false
- &&
- $secure
- &&
- RandomCompat_strlen($buf) === $bytes
- ) {
- return $buf;
- }
-
- /**
- * If we reach here, PHP has failed us.
- */
- throw new Exception(
- 'Could not gather sufficient random data'
- );
-}
</del></span></pre></div>
<a id="trunksrcwpincludesrandom_compatrandom_intphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/random_compat/random_int.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/random_compat/random_int.php 2017-11-08 08:51:03 UTC (rev 42129)
+++ trunk/src/wp-includes/random_compat/random_int.php 2017-11-08 11:47:04 UTC (rev 42130)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1,191 +1,190 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-/**
- * Random_* Compatibility Library
- * for using the new PHP 7 random_* API in PHP 5 projects
- *
- * The MIT License (MIT)
- *
- * Copyright (c) 2015 Paragon Initiative Enterprises
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
</del><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-/**
- * Fetch a random integer between $min and $max inclusive
- *
- * @param int $min
- * @param int $max
- *
- * @throws Exception
- *
- * @return int
- */
-function random_int($min, $max)
-{
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if (!is_callable('random_int')) {
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Type and input logic checks
- *
- * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
- * (non-inclusive), it will sanely cast it to an int. If you it's equal to
- * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
- * lose precision, so the <= and => operators might accidentally let a float
- * through.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Random_* Compatibility Library
+ * for using the new PHP 7 random_* API in PHP 5 projects
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
- try {
- $min = RandomCompat_intval($min);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_int(): $min must be an integer'
- );
- }
</del><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- try {
- $max = RandomCompat_intval($max);
- } catch (TypeError $ex) {
- throw new TypeError(
- 'random_int(): $max must be an integer'
- );
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Now that we've verified our weak typing system has given us an integer,
- * let's validate the logic then we can move forward with generating random
- * integers along a given range.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Fetch a random integer between $min and $max inclusive
+ *
+ * @param int $min
+ * @param int $max
+ *
+ * @throws Exception
+ *
+ * @return int
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ($min > $max) {
- throw new Error(
- 'Minimum value must be less than or equal to the maximum value'
- );
- }
-
- if ($max === $min) {
- return $min;
- }
-
- /**
- * Initialize variables to 0
- *
- * We want to store:
- * $bytes => the number of random bytes we need
- * $mask => an integer bitmask (for use with the &) operator
- * so we can minimize the number of discards
- */
- $attempts = $bits = $bytes = $mask = $valueShift = 0;
-
- /**
- * At this point, $range is a positive number greater than 0. It might
- * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
- * a float and we will lose some precision.
- */
- $range = $max - $min;
-
- /**
- * Test for integer overflow:
- */
- if (!is_int($range)) {
-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ function random_int($min, $max)
+ {
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Still safely calculate wider ranges.
- * Provided by @CodesInChaos, @oittaa
- *
- * @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
- *
- * We use ~0 as a mask in this case because it generates all 1s
- *
- * @ref https://eval.in/400356 (32-bit)
- * @ref http://3v4l.org/XX9r5 (64-bit)
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Type and input logic checks
+ *
+ * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
+ * (non-inclusive), it will sanely cast it to an int. If you it's equal to
+ * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
+ * lose precision, so the <= and => operators might accidentally let a float
+ * through.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $bytes = PHP_INT_SIZE;
- $mask = ~0;
</del><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- } else {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ try {
+ $min = RandomCompat_intval($min);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_int(): $min must be an integer'
+ );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /**
- * $bits is effectively ceil(log($range, 2)) without dealing with
- * type juggling
- */
- while ($range > 0) {
- if ($bits % 8 === 0) {
- ++$bytes;
- }
- ++$bits;
- $range >>= 1;
- $mask = $mask << 1 | 1;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ try {
+ $max = RandomCompat_intval($max);
+ } catch (TypeError $ex) {
+ throw new TypeError(
+ 'random_int(): $max must be an integer'
+ );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $valueShift = $min;
- }
</del><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /**
- * Now that we have our parameters set up, let's begin generating
- * random integers until one falls between $min and $max
- */
- do {
</del><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * The rejection probability is at most 0.5, so this corresponds
- * to a failure probability of 2^-128 for a working RNG
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Now that we've verified our weak typing system has given us an integer,
+ * let's validate the logic then we can move forward with generating random
+ * integers along a given range.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ($attempts > 128) {
- throw new Exception(
- 'random_int: RNG is broken - too many rejections'
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ($min > $max) {
+ throw new Error(
+ 'Minimum value must be less than or equal to the maximum value'
</ins><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ($max === $min) {
+ return (int) $min;
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Let's grab the necessary number of random bytes
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Initialize variables to 0
+ *
+ * We want to store:
+ * $bytes => the number of random bytes we need
+ * $mask => an integer bitmask (for use with the &) operator
+ * so we can minimize the number of discards
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $randomByteString = random_bytes($bytes);
- if ($randomByteString === false) {
- throw new Exception(
- 'Random number generator failure'
- );
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $attempts = $bits = $bytes = $mask = $valueShift = 0;
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Let's turn $randomByteString into an integer
- *
- * This uses bitwise operators (<< and |) to build an integer
- * out of the values extracted from ord()
- *
- * Example: [9F] | [6D] | [32] | [0C] =>
- * 159 + 27904 + 3276800 + 201326592 =>
- * 204631455
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * At this point, $range is a positive number greater than 0. It might
+ * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
+ * a float and we will lose some precision.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $val = 0;
- for ($i = 0; $i < $bytes; ++$i) {
- $val |= ord($randomByteString[$i]) << ($i * 8);
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $range = $max - $min;
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Apply mask
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Test for integer overflow:
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $val &= $mask;
- $val += $valueShift;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if (!is_int($range)) {
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- ++$attempts;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /**
+ * Still safely calculate wider ranges.
+ * Provided by @CodesInChaos, @oittaa
+ *
+ * @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
+ *
+ * We use ~0 as a mask in this case because it generates all 1s
+ *
+ * @ref https://eval.in/400356 (32-bit)
+ * @ref http://3v4l.org/XX9r5 (64-bit)
+ */
+ $bytes = PHP_INT_SIZE;
+ $mask = ~0;
+
+ } else {
+
+ /**
+ * $bits is effectively ceil(log($range, 2)) without dealing with
+ * type juggling
+ */
+ while ($range > 0) {
+ if ($bits % 8 === 0) {
+ ++$bytes;
+ }
+ ++$bits;
+ $range >>= 1;
+ $mask = $mask << 1 | 1;
+ }
+ $valueShift = $min;
+ }
+
+ $val = 0;
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * If $val overflows to a floating point number,
- * ... or is larger than $max,
- * ... or smaller than $min,
- * then try again.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Now that we have our parameters set up, let's begin generating
+ * random integers until one falls between $min and $max
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- } while (!is_int($val) || $val > $max || $val < $min);
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ do {
+ /**
+ * The rejection probability is at most 0.5, so this corresponds
+ * to a failure probability of 2^-128 for a working RNG
+ */
+ if ($attempts > 128) {
+ throw new Exception(
+ 'random_int: RNG is broken - too many rejections'
+ );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- return (int) $val;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /**
+ * Let's grab the necessary number of random bytes
+ */
+ $randomByteString = random_bytes($bytes);
+
+ /**
+ * Let's turn $randomByteString into an integer
+ *
+ * This uses bitwise operators (<< and |) to build an integer
+ * out of the values extracted from ord()
+ *
+ * Example: [9F] | [6D] | [32] | [0C] =>
+ * 159 + 27904 + 3276800 + 201326592 =>
+ * 204631455
+ */
+ $val &= 0;
+ for ($i = 0; $i < $bytes; ++$i) {
+ $val |= ord($randomByteString[$i]) << ($i * 8);
+ }
+
+ /**
+ * Apply mask
+ */
+ $val &= $mask;
+ $val += $valueShift;
+
+ ++$attempts;
+ /**
+ * If $val overflows to a floating point number,
+ * ... or is larger than $max,
+ * ... or smaller than $min,
+ * then try again.
+ */
+ } while (!is_int($val) || $val > $max || $val < $min);
+
+ return (int) $val;
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre>
</div>
</div>
</body>
</html>