Merge branch '3.2.x'

build/build.xml

@@ -355,6 +355,13 @@
 		<delete file="${dir}/vendor/lusitanian/oauth/phpunit.xml.dist" />
 		<delete file="${dir}/vendor/lusitanian/oauth/README.md" />
 
+		<delete dir="${dir}/vendor/paragonie/random_compat/dist" />
+		<delete dir="${dir}/vendor/paragonie/random_compat/other" />
+		<delete file="${dir}/vendor/paragonie/random_compat/CHANGELOG.md" />
+		<delete file="${dir}/vendor/paragonie/random_compat/ERRATA.md" />
+		<delete file="${dir}/vendor/paragonie/random_compat/README.md" />
+		<delete file="${dir}/vendor/paragonie/random_compat/SECURITY.md" />
+
 		<delete file="${dir}/vendor/patchwork/utf8/.travis.yml" />
 		<delete file="${dir}/vendor/patchwork/utf8/CHANGELOG.md" />
 		<delete file="${dir}/vendor/patchwork/utf8/phpunit.xml.dist" />

phpBB/composer.json

@@ -31,6 +31,7 @@
 		"guzzlehttp/guzzle": "~5.3",
 		"lusitanian/oauth": "^0.8.1",
 		"marc1706/fast-image-size": "1.1.*",
+		"paragonie/random_compat": "^1.2",
 		"patchwork/utf8": "1.1.*",
 		"s9e/text-formatter": "^0.4.2",
 		"symfony/config": "2.8.*",

phpBB/composer.lock

@@ -4,8 +4,8 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "hash": "2de20b0ffe0ca05fb62a7c685a25ca79",
+    "hash": "9cbb41222e71eb86e0ef9118baafc691",
-    "content-hash": "6e427257e82c0d33fc94040d9685f516",
+    "content-hash": "03a990fa2d088c89afe4824d2d53e873",
     "packages": [
         {
             "name": "bantu/ini-get-wrapper",
@@ -401,6 +401,54 @@
             ],
             "time": "2015-08-21 11:40:30"
         },
+        {
+            "name": "paragonie/random_compat",
+            "version": "v1.2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/paragonie/random_compat.git",
+                "reference": "b0e69d10852716b2ccbdff69c75c477637220790"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/b0e69d10852716b2ccbdff69c75c477637220790",
+                "reference": "b0e69d10852716b2ccbdff69c75c477637220790",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.2.0"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "4.*|5.*"
+            },
+            "suggest": {
+                "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "lib/random.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Paragon Initiative Enterprises",
+                    "email": "security@paragonie.com",
+                    "homepage": "https://paragonie.com"
+                }
+            ],
+            "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+            "keywords": [
+                "csprng",
+                "pseudorandom",
+                "random"
+            ],
+            "time": "2016-02-06 03:52:05"
+        },
         {
             "name": "patchwork/utf8",
             "version": "v1.1.31",

phpBB/config/installer/container/services.yml

@@ -17,7 +17,9 @@ services:
     config:
         class: phpbb\config\config
         arguments:
-            - []
+            -
+                rand_seed: 'installer_seed'
+                rand_seed_last_update: 0
 
     controller.resolver:
         class: phpbb\controller\resolver

phpBB/includes/functions.php

@@ -93,25 +93,10 @@ function gen_rand_string_friendly($num_chars = 8)
 
 /**
 * Return unique id
-* @param string $extra additional entropy
 */
-function unique_id($extra = 'c')
+function unique_id()
 {
-	static $dss_seeded = false;
+	return bin2hex(random_bytes(6));
-	global $config;
-
-	$val = $config['rand_seed'] . microtime();
-	$val = md5($val);
-	$config['rand_seed'] = md5($config['rand_seed'] . $val . $extra);
-
-	if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))
-	{
-		$config->set('rand_seed_last_update', time(), false);
-		$config->set('rand_seed', $config['rand_seed'], false);
-		$dss_seeded = true;
-	}
-
-	return substr($val, 4, 16);
 }
 
 /**

phpBB/phpbb/template/twig/definition.php

@@ -19,10 +19,7 @@ namespace phpbb\template\twig;
 class definition
 {
 	/** @var array **/
-	protected $definitions = array(
+	protected $definitions = array();
-		'SCRIPTS'		=> '__SCRIPTS_PLACEHOLDER__',
-		'STYLESHEETS'	=> '__STYLESHEETS_PLACEHOLDER__'
-	);
 
 	/**
 	* Get a DEFINE'd variable

phpBB/phpbb/template/twig/environment.php

@@ -195,9 +195,7 @@ class environment extends \Twig_Environment
 	 */
 	public function render($name, array $context = [])
 	{
-		$output = parent::render($name, $context);
+		return $this->display_with_assets($name, $context);
-
-		return $this->inject_assets($output);
 	}
 
 	/**
@@ -205,26 +203,25 @@ class environment extends \Twig_Environment
 	 */
 	public function display($name, array $context = [])
 	{
-		$level = ob_get_level();
+		echo $this->display_with_assets($name, $context);
-		ob_start();
-
-		try
-		{
-			parent::display($name, $context);
-		}
-		catch (\Exception $e)
-		{
-			while (ob_get_level() > $level)
-			{
-				ob_end_clean();
 	}
 
-			throw $e;
+	/**
+	 * {@inheritdoc}
+	 */
+	private function display_with_assets($name, array $context = [])
+	{
+		$placeholder_salt = unique_id();
+
+		if (array_key_exists('definition', $context))
+		{
+			$context['definition']->set('SCRIPTS', '__SCRIPTS_' . $placeholder_salt . '__');
+			$context['definition']->set('STYLESHEETS', '__STYLESHEETS_' . $placeholder_salt . '__');
 		}
 
-		$output = ob_get_clean();
+		$output = parent::render($name, $context);
 
-		echo $this->inject_assets($output);
+		return $this->inject_assets($output, $placeholder_salt);
 	}
 
 	/**
@@ -234,10 +231,10 @@ class environment extends \Twig_Environment
 	 *
 	 * @return string
 	 */
-	private function inject_assets($output)
+	private function inject_assets($output, $placeholder_salt)
 	{
-		$output = str_replace('__STYLESHEETS_PLACEHOLDER__', $this->assets_bag->get_stylesheets_content(), $output);
+		$output = str_replace('__STYLESHEETS_' . $placeholder_salt . '__', $this->assets_bag->get_stylesheets_content(), $output);
-		$output = str_replace('__SCRIPTS_PLACEHOLDER__', $this->assets_bag->get_scripts_content(), $output);
+		$output = str_replace('__SCRIPTS_' . $placeholder_salt . '__', $this->assets_bag->get_scripts_content(), $output);
 
 		return $output;
 	}

phpBB/phpbb/template/twig/twig.php

@@ -335,7 +335,7 @@ class twig extends \phpbb\template\base
 			return $this->twig->render($this->get_filename_from_handle($handle), $this->get_template_vars());
 		}
 
-		$this->assign_var($template_var, $this->twig->render($this->get_filename_from_handle($handle, $this->get_template_vars())));
+		$this->assign_var($template_var, $this->twig->render($this->get_filename_from_handle($handle), $this->get_template_vars()));
 
 		return $this;
 	}

tests/template/template_test_case.php

@@ -172,6 +172,7 @@ class phpbb_template_template_test_case extends phpbb_test_case
 
 		$expected = str_replace(array("\n", "\r", "\t"), '', $expected);
 		$output = str_replace(array("\n", "\r", "\t"), '', $this->display('test'));
+
 		$this->assertEquals($expected, $output, "Testing $file");
 	}
 }