diff --git a/build/build.xml b/build/build.xml
index b31f36cae0..d9a182fbc1 100644
--- a/build/build.xml
+++ b/build/build.xml
@@ -355,6 +355,13 @@
+
+
+
+
+
+
+
diff --git a/phpBB/composer.json b/phpBB/composer.json
index 88df2bfa3d..b0c9b57cb6 100644
--- a/phpBB/composer.json
+++ b/phpBB/composer.json
@@ -31,6 +31,7 @@
"guzzlehttp/guzzle": "~5.3",
"lusitanian/oauth": "^0.8.1",
"marc1706/fast-image-size": "1.1.*",
+ "paragonie/random_compat": "^1.2",
"patchwork/utf8": "1.1.*",
"s9e/text-formatter": "^0.4.2",
"symfony/config": "2.8.*",
diff --git a/phpBB/composer.lock b/phpBB/composer.lock
index 7cb6c160ce..d10c94a75f 100644
--- a/phpBB/composer.lock
+++ b/phpBB/composer.lock
@@ -4,8 +4,8 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
- "hash": "2de20b0ffe0ca05fb62a7c685a25ca79",
- "content-hash": "6e427257e82c0d33fc94040d9685f516",
+ "hash": "9cbb41222e71eb86e0ef9118baafc691",
+ "content-hash": "03a990fa2d088c89afe4824d2d53e873",
"packages": [
{
"name": "bantu/ini-get-wrapper",
@@ -401,6 +401,54 @@
],
"time": "2015-08-21 11:40:30"
},
+ {
+ "name": "paragonie/random_compat",
+ "version": "v1.2.0",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/paragonie/random_compat.git",
+ "reference": "b0e69d10852716b2ccbdff69c75c477637220790"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/paragonie/random_compat/zipball/b0e69d10852716b2ccbdff69c75c477637220790",
+ "reference": "b0e69d10852716b2ccbdff69c75c477637220790",
+ "shasum": ""
+ },
+ "require": {
+ "php": ">=5.2.0"
+ },
+ "require-dev": {
+ "phpunit/phpunit": "4.*|5.*"
+ },
+ "suggest": {
+ "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+ },
+ "type": "library",
+ "autoload": {
+ "files": [
+ "lib/random.php"
+ ]
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "Paragon Initiative Enterprises",
+ "email": "security@paragonie.com",
+ "homepage": "https://paragonie.com"
+ }
+ ],
+ "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+ "keywords": [
+ "csprng",
+ "pseudorandom",
+ "random"
+ ],
+ "time": "2016-02-06 03:52:05"
+ },
{
"name": "patchwork/utf8",
"version": "v1.1.31",
diff --git a/phpBB/config/installer/container/services.yml b/phpBB/config/installer/container/services.yml
index 16782dec10..20d790e9a6 100644
--- a/phpBB/config/installer/container/services.yml
+++ b/phpBB/config/installer/container/services.yml
@@ -17,7 +17,9 @@ services:
config:
class: phpbb\config\config
arguments:
- - []
+ -
+ rand_seed: 'installer_seed'
+ rand_seed_last_update: 0
controller.resolver:
class: phpbb\controller\resolver
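Review bot: The installer's `config` service is now seeded with the fixed literal `rand_seed: 'installer_seed'`, and nothing in the hunk says why. The `unique_id()` rewrite in this same commit no longer reads `rand_seed`, so presumably these keys exist only so that other code reading `$config['rand_seed']` does not hit an undefined key during installation. If any of that code derives salts or tokens from the seed, the values would be predictable across every installation. A comment on the argument would make the intent auditable, e.g. `# placeholder only: not an entropy source, randomness comes from random_bytes()`.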
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 54ff51dda5..5125a601d6 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -93,25 +93,10 @@ function gen_rand_string_friendly($num_chars = 8)
/**
* Return unique id
-* @param string $extra additional entropy
*/
-function unique_id($extra = 'c')
+function unique_id()
{
- static $dss_seeded = false;
- global $config;
-
- $val = $config['rand_seed'] . microtime();
- $val = md5($val);
- $config['rand_seed'] = md5($config['rand_seed'] . $val . $extra);
-
- if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))
- {
- $config->set('rand_seed_last_update', time(), false);
- $config->set('rand_seed', $config['rand_seed'], false);
- $dss_seeded = true;
- }
-
- return substr($val, 4, 16);
+ return bin2hex(random_bytes(6));
}
/**
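Review bot: `bin2hex(random_bytes(6))` in the new `unique_id()` yields 12 hex characters (48 bits), while the removed implementation returned 16 characters via `substr($val, 4, 16)`. Callers are outside this hunk, so it cannot be confirmed from here whether any of them rely on the old length or use the value as a security token where 48 bits is thin; `return bin2hex(random_bytes(8));` would keep the 16-character shape with 64 bits from the CSPRNG. The docblock should also say where the value comes from and that an exception propagates when no secure source is available, e.g. `* @return string lowercase hex characters from random_bytes(); throws if no CSPRNG source is available`. Dropping the `$extra` parameter is harmless for call sites that still pass it, since PHP ignores surplus arguments to user functions.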
diff --git a/phpBB/phpbb/template/twig/definition.php b/phpBB/phpbb/template/twig/definition.php
index 205f0e68ee..cb3c953692 100644
--- a/phpBB/phpbb/template/twig/definition.php
+++ b/phpBB/phpbb/template/twig/definition.php
@@ -19,10 +19,7 @@ namespace phpbb\template\twig;
class definition
{
/** @var array **/
- protected $definitions = array(
- 'SCRIPTS' => '__SCRIPTS_PLACEHOLDER__',
- 'STYLESHEETS' => '__STYLESHEETS_PLACEHOLDER__'
- );
+ protected $definitions = array();
/**
* Get a DEFINE'd variable
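Review bot: With `$definitions` now initialised to `array()`, `SCRIPTS` and `STYLESHEETS` exist only after `environment::display_with_assets()` sets them, and that happens only when the render context carries a `definition` key. What the getter returns for an undefined name is outside this hunk, so confirm that a template rendered without that key degrades cleanly rather than emitting a notice or dropping assets silently. The property comment could record the new contract, e.g. `/** @var array DEFINE'd variables; SCRIPTS and STYLESHEETS placeholders are set per render by the twig environment */`.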
diff --git a/phpBB/phpbb/template/twig/environment.php b/phpBB/phpbb/template/twig/environment.php
index 5660ddc3a4..56c85c8d71 100644
--- a/phpBB/phpbb/template/twig/environment.php
+++ b/phpBB/phpbb/template/twig/environment.php
@@ -195,9 +195,7 @@ class environment extends \Twig_Environment
*/
public function render($name, array $context = [])
{
- $output = parent::render($name, $context);
-
- return $this->inject_assets($output);
+ return $this->display_with_assets($name, $context);
}
/**
@@ -205,26 +203,25 @@ class environment extends \Twig_Environment
*/
public function display($name, array $context = [])
{
- $level = ob_get_level();
- ob_start();
+ echo $this->display_with_assets($name, $context);
+ }
- try
- {
- parent::display($name, $context);
- }
- catch (\Exception $e)
- {
- while (ob_get_level() > $level)
- {
- ob_end_clean();
- }
+ /**
+ * {@inheritdoc}
+ */
+ private function display_with_assets($name, array $context = [])
+ {
+ $placeholder_salt = unique_id();
- throw $e;
+ if (array_key_exists('definition', $context))
+ {
+ $context['definition']->set('SCRIPTS', '__SCRIPTS_' . $placeholder_salt . '__');
+ $context['definition']->set('STYLESHEETS', '__STYLESHEETS_' . $placeholder_salt . '__');
}
- $output = ob_get_clean();
+ $output = parent::render($name, $context);
- echo $this->inject_assets($output);
+ return $this->inject_assets($output, $placeholder_salt);
}
/**
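Review bot: The docblock on the new private `display_with_assets()` is `{@inheritdoc}`, but a private method has no parent documentation to inherit, so the one place that introduces the per-render placeholder salt is undocumented. It should state that the method renders the template and returns the output with asset placeholders replaced, and that the salt from `unique_id()` keeps page content containing a literal placeholder string from being substituted with asset markup. Two behaviours deserve a comment or a guard as well. `array_key_exists('definition', $context)` only proves the key exists before `->set()` is called on it, and every call writes new `SCRIPTS`/`STYLESHEETS` values into that object. If the same definition object is shared with a render already in progress (not visible here), the outer render's remaining placeholders would carry a salt that its own `inject_assets()` call never replaces.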
@@ -234,10 +231,10 @@ class environment extends \Twig_Environment
*
* @return string
*/
- private function inject_assets($output)
+ private function inject_assets($output, $placeholder_salt)
{
- $output = str_replace('__STYLESHEETS_PLACEHOLDER__', $this->assets_bag->get_stylesheets_content(), $output);
- $output = str_replace('__SCRIPTS_PLACEHOLDER__', $this->assets_bag->get_scripts_content(), $output);
+ $output = str_replace('__STYLESHEETS_' . $placeholder_salt . '__', $this->assets_bag->get_stylesheets_content(), $output);
+ $output = str_replace('__SCRIPTS_' . $placeholder_salt . '__', $this->assets_bag->get_scripts_content(), $output);
return $output;
}
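Review bot: `inject_assets()` gained the `$placeholder_salt` parameter, but the visible tail of its docblock still ends at `@return string` with no matching `@param` line; the docblock begins outside this hunk, so confirm against the full file. Suggested addition: `* @param string $placeholder_salt Salt used in the placeholders set for this render`. The two `str_replace()` calls rebuild the same placeholder strings that `display_with_assets()` builds by hand, so a small shared helper for the format would keep the two sides from drifting apart.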
diff --git a/phpBB/phpbb/template/twig/twig.php b/phpBB/phpbb/template/twig/twig.php
index 6b3cf32bc8..f322778eda 100644
--- a/phpBB/phpbb/template/twig/twig.php
+++ b/phpBB/phpbb/template/twig/twig.php
@@ -335,7 +335,7 @@ class twig extends \phpbb\template\base
return $this->twig->render($this->get_filename_from_handle($handle), $this->get_template_vars());
}
- $this->assign_var($template_var, $this->twig->render($this->get_filename_from_handle($handle, $this->get_template_vars())));
+ $this->assign_var($template_var, $this->twig->render($this->get_filename_from_handle($handle), $this->get_template_vars()));
return $this;
}
diff --git a/tests/template/template_test_case.php b/tests/template/template_test_case.php
index 62eea0d361..3c97d30edc 100644
--- a/tests/template/template_test_case.php
+++ b/tests/template/template_test_case.php
@@ -172,6 +172,7 @@ class phpbb_template_template_test_case extends phpbb_test_case
$expected = str_replace(array("\n", "\r", "\t"), '', $expected);
$output = str_replace(array("\n", "\r", "\t"), '', $this->display('test'));
+
$this->assertEquals($expected, $output, "Testing $file");
}
}