mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 22:28:51 +00:00
[ticket/14457] Replaces unique_id implementation by random_bytes()
PHPBB3-14457
This commit is contained in:
Tristan Darricau
parent
08a11dbe32
commit
58359b1587
4 changed files with 60 additions and 19 deletions
|
|
@ -355,6 +355,13 @@
|
||||||
<delete file="${dir}/vendor/lusitanian/oauth/phpunit.xml.dist" />
|
<delete file="${dir}/vendor/lusitanian/oauth/phpunit.xml.dist" />
|
||||||
<delete file="${dir}/vendor/lusitanian/oauth/README.md" />
|
<delete file="${dir}/vendor/lusitanian/oauth/README.md" />
|
||||||
|
|
||||||
|
<delete dir="${dir}/vendor/paragonie/random_compat/dist" />
|
||||||
|
<delete dir="${dir}/vendor/paragonie/random_compat/other" />
|
||||||
|
<delete file="${dir}/vendor/paragonie/random_compat/CHANGELOG.md" />
|
||||||
|
<delete file="${dir}/vendor/paragonie/random_compat/ERRATA.md" />
|
||||||
|
<delete file="${dir}/vendor/paragonie/random_compat/README.md" />
|
||||||
|
<delete file="${dir}/vendor/paragonie/random_compat/SECURITY.md" />
|
||||||
|
|
||||||
<delete file="${dir}/vendor/patchwork/utf8/.travis.yml" />
|
<delete file="${dir}/vendor/patchwork/utf8/.travis.yml" />
|
||||||
<delete file="${dir}/vendor/patchwork/utf8/CHANGELOG.md" />
|
<delete file="${dir}/vendor/patchwork/utf8/CHANGELOG.md" />
|
||||||
<delete file="${dir}/vendor/patchwork/utf8/phpunit.xml.dist" />
|
<delete file="${dir}/vendor/patchwork/utf8/phpunit.xml.dist" />
|
||||||
|
|
|
||||||
|
|
@ -31,6 +31,7 @@
|
||||||
"guzzlehttp/guzzle": "~5.3",
|
"guzzlehttp/guzzle": "~5.3",
|
||||||
"lusitanian/oauth": "^0.8.1",
|
"lusitanian/oauth": "^0.8.1",
|
||||||
"marc1706/fast-image-size": "1.1.*",
|
"marc1706/fast-image-size": "1.1.*",
|
||||||
|
"paragonie/random_compat": "^1.2",
|
||||||
"patchwork/utf8": "1.1.*",
|
"patchwork/utf8": "1.1.*",
|
||||||
"s9e/text-formatter": "^0.4.2",
|
"s9e/text-formatter": "^0.4.2",
|
||||||
"symfony/config": "2.8.*",
|
"symfony/config": "2.8.*",
|
||||||
|
|
|
||||||
52
phpBB/composer.lock
generated
52
phpBB/composer.lock
generated
|
|
@ -4,8 +4,8 @@
|
||||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
|
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
|
||||||
"This file is @generated automatically"
|
"This file is @generated automatically"
|
||||||
],
|
],
|
||||||
"hash": "2de20b0ffe0ca05fb62a7c685a25ca79",
|
"hash": "9cbb41222e71eb86e0ef9118baafc691",
|
||||||
"content-hash": "6e427257e82c0d33fc94040d9685f516",
|
"content-hash": "03a990fa2d088c89afe4824d2d53e873",
|
||||||
"packages": [
|
"packages": [
|
||||||
{
|
{
|
||||||
"name": "bantu/ini-get-wrapper",
|
"name": "bantu/ini-get-wrapper",
|
||||||
|
|
@ -401,6 +401,54 @@
|
||||||
],
|
],
|
||||||
"time": "2015-08-21 11:40:30"
|
"time": "2015-08-21 11:40:30"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "paragonie/random_compat",
|
||||||
|
"version": "v1.2.0",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/paragonie/random_compat.git",
|
||||||
|
"reference": "b0e69d10852716b2ccbdff69c75c477637220790"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/b0e69d10852716b2ccbdff69c75c477637220790",
|
||||||
|
"reference": "b0e69d10852716b2ccbdff69c75c477637220790",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": ">=5.2.0"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"phpunit/phpunit": "4.*|5.*"
|
||||||
|
},
|
||||||
|
"suggest": {
|
||||||
|
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"files": [
|
||||||
|
"lib/random.php"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Paragon Initiative Enterprises",
|
||||||
|
"email": "security@paragonie.com",
|
||||||
|
"homepage": "https://paragonie.com"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
|
||||||
|
"keywords": [
|
||||||
|
"csprng",
|
||||||
|
"pseudorandom",
|
||||||
|
"random"
|
||||||
|
],
|
||||||
|
"time": "2016-02-06 03:52:05"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "patchwork/utf8",
|
"name": "patchwork/utf8",
|
||||||
"version": "v1.1.31",
|
"version": "v1.1.31",
|
||||||
|
|
|
||||||
|
|
@ -93,25 +93,10 @@ function gen_rand_string_friendly($num_chars = 8)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return unique id
|
* Return unique id
|
||||||
* @param string $extra additional entropy
|
|
||||||
*/
|
*/
|
||||||
function unique_id($extra = 'c')
|
function unique_id()
|
||||||
{
|
{
|
||||||
static $dss_seeded = false;
|
return bin2hex(random_bytes(6));
|
||||||
global $config;
|
|
||||||
|
|
||||||
$val = $config['rand_seed'] . microtime();
|
|
||||||
$val = md5($val);
|
|
||||||
$config['rand_seed'] = md5($config['rand_seed'] . $val . $extra);
|
|
||||||
|
|
||||||
if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))
|
|
||||||
{
|
|
||||||
$config->set('rand_seed_last_update', time(), false);
|
|
||||||
$config->set('rand_seed', $config['rand_seed'], false);
|
|
||||||
$dss_seeded = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
return substr($val, 4, 16);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue