[wp-trac] [WordPress Trac] #42439: Update random_compat external library for PHP 7 linting failure
WordPress Trac
noreply at wordpress.org
Wed Dec 13 21:36:30 UTC 2017
#42439: Update random_compat external library for PHP 7 linting failure
--------------------------------+---------------------
Reporter: jrdelarosa | Owner: dd32
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 4.9.2
Component: External Libraries | Version: 4.9
Severity: normal | Resolution: fixed
Keywords: fixed-major | Focuses:
--------------------------------+---------------------
Comment (by paragoninitiativeenterprises):
@dd32 - The risk for breakage should be very minimal, but I would add a
recommendation in the 4.9.2 release notes in case it does happen.
**If a plugin breaks with this upgrade**:
* Replace `random_int()` with `wp_rand()`
* Replace `random_bytes()` with a function that uses `wp_rand()` to
construct a string.
For example:
{{{
<?php
/**
 * Alternative to random_bytes() that uses wp_rand().
 *
 * @param int $len
 * @return string
 * @throws Exception
 * @throws TypeError
 */
function wp_random_byte_string($len = 0)
{
    if (!is_int($len)) {
        throw new TypeError("Length must be an integer.");
    }
    if ($len < 1) {
        throw new Exception("Length must be greater than 0");
    }
    $chr = '';
    for ($i = 0; $i < $len; ++$i) {
        // pack('C', $int) is equivalent to chr($int), without cache timing leaks
        // See: https://paragonie.com/blog/2017/02/cryptographically-secure-php-development#chr
        $chr .= pack('C', wp_rand(0, 255));
    }
    return $chr;
}
}}}
This will allow you to gracefully handle degradation. (Feel free to adapt
this sample function for core if you want.)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42439#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform