makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/14457] Replaces unique_id implementation by random_bytes()

Browse source 
PHPBB3-14457
This commit is contained in:
Tristan Darricau 2016-02-17 22:10:09 +01:00
parent 08a11dbe32
commit 58359b1587
4 changed files with 60 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
build/build.xml
View file

@ -355,6 +355,13 @@
<delete file="${dir}/vendor/lusitanian/oauth/phpunit.xml.dist" />
<delete file="${dir}/vendor/lusitanian/oauth/README.md" />
<delete dir="${dir}/vendor/paragonie/random_compat/dist" />
<delete dir="${dir}/vendor/paragonie/random_compat/other" />
<delete file="${dir}/vendor/paragonie/random_compat/CHANGELOG.md" />
<delete file="${dir}/vendor/paragonie/random_compat/ERRATA.md" />
<delete file="${dir}/vendor/paragonie/random_compat/README.md" />
<delete file="${dir}/vendor/paragonie/random_compat/SECURITY.md" />
<delete file="${dir}/vendor/patchwork/utf8/.travis.yml" />
<delete file="${dir}/vendor/patchwork/utf8/CHANGELOG.md" />
<delete file="${dir}/vendor/patchwork/utf8/phpunit.xml.dist" />

1
phpBB/composer.json
View file

@ -31,6 +31,7 @@
"guzzlehttp/guzzle": "~5.3",
"lusitanian/oauth": "^0.8.1",
"marc1706/fast-image-size": "1.1.*",
"paragonie/random_compat": "^1.2",
"patchwork/utf8": "1.1.*",
"s9e/text-formatter": "^0.4.2",
"symfony/config": "2.8.*",

52
phpBB/composer.lock generated
View file

@ -4,8 +4,8 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "2de20b0ffe0ca05fb62a7c685a25ca79",
"content-hash": "6e427257e82c0d33fc94040d9685f516",
"hash": "9cbb41222e71eb86e0ef9118baafc691",
"content-hash": "03a990fa2d088c89afe4824d2d53e873",
"packages": [
{
"name": "bantu/ini-get-wrapper",
@ -401,6 +401,54 @@
],
"time": "2015-08-21 11:40:30"
},
{
"name": "paragonie/random_compat",
"version": "v1.2.0",
"source": {
"type": "git",
"url": "https://github.com/paragonie/random_compat.git",
"reference": "b0e69d10852716b2ccbdff69c75c477637220790"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/b0e69d10852716b2ccbdff69c75c477637220790",
"reference": "b0e69d10852716b2ccbdff69c75c477637220790",
"shasum": ""
},
"require": {
"php": ">=5.2.0"
},
"require-dev": {
"phpunit/phpunit": "4.*|5.*"
},
"suggest": {
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
},
"type": "library",
"autoload": {
"files": [
"lib/random.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
"keywords": [
"csprng",
"pseudorandom",
"random"
],
"time": "2016-02-06 03:52:05"
},
{
"name": "patchwork/utf8",
"version": "v1.1.31",

19
phpBB/includes/functions.php
View file

@ -93,25 +93,10 @@ function gen_rand_string_friendly($num_chars = 8)
/**
* Return unique id
* @param string $extra additional entropy
*/
function unique_id($extra = 'c')
function unique_id()
{
static $dss_seeded = false;
global $config;
$val = $config['rand_seed'] . microtime();
$val = md5($val);
$config['rand_seed'] = md5($config['rand_seed'] . $val . $extra);
if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))
{
$config->set('rand_seed_last_update', time(), false);
$config->set('rand_seed', $config['rand_seed'], false);
$dss_seeded = true;
}
return substr($val, 4, 16);
return bin2hex(random_bytes(6));
}
/**