sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

External Libraries: Update Random_Compat from 1.2.1 to 2.0.11.

Browse Source 
Notably this fixes PHP7 parse errors of the files and removes the OpenSSL functionality.
Full Changes: https://github.com/paragonie/random_compat/compare/v1.2.1...v2.0.11

Props jrdelarosa.
See #42439.


git-svn-id: https://develop.svn.wordpress.org/trunk@42130 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dion Hulse 2017-11-08 11:47:04 +00:00
parent e7d649e621
commit 56659638dc
11 changed files with 733 additions and 757 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/wp-includes/random_compat/byte_safe_strings.php
View File

@ -5,7 +5,7 @@
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 Paragon Initiative Enterprises * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -26,7 +26,7 @@
* SOFTWARE. * SOFTWARE.
*/ */
if (!function_exists('RandomCompat_strlen')) { if (!is_callable('RandomCompat_strlen')) {
if ( if (
defined('MB_OVERLOAD_STRING') && defined('MB_OVERLOAD_STRING') &&
ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
@ -51,7 +51,7 @@ if (!function_exists('RandomCompat_strlen')) {
); );
} }
return mb_strlen($binary_string, '8bit'); return (int) mb_strlen($binary_string, '8bit');
} }
} else { } else {
@ -73,12 +73,12 @@ if (!function_exists('RandomCompat_strlen')) {
'RandomCompat_strlen() expects a string' 'RandomCompat_strlen() expects a string'
); );
} }
return strlen($binary_string); return (int) strlen($binary_string);
} }
} }
} }
if (!function_exists('RandomCompat_substr')) { if (!is_callable('RandomCompat_substr')) {
if ( if (
defined('MB_OVERLOAD_STRING') defined('MB_OVERLOAD_STRING')
@ -118,14 +118,22 @@ if (!function_exists('RandomCompat_substr')) {
* mb_substr($str, 0, NULL, '8bit') returns an empty string on * mb_substr($str, 0, NULL, '8bit') returns an empty string on
* PHP 5.3, so we have to find the length ourselves. * PHP 5.3, so we have to find the length ourselves.
*/ */
$length = RandomCompat_strlen($length) - $start; $length = RandomCompat_strlen($binary_string) - $start;
} elseif (!is_int($length)) { } elseif (!is_int($length)) {
throw new TypeError( throw new TypeError(
'RandomCompat_substr(): Third argument should be an integer, or omitted' 'RandomCompat_substr(): Third argument should be an integer, or omitted'
); );
} }
return mb_substr($binary_string, $start, $length, '8bit'); // Consistency with PHP's behavior
if ($start === RandomCompat_strlen($binary_string) && $length === 0) {
return '';
}
if ($start > RandomCompat_strlen($binary_string)) {
return '';
}
return (string) mb_substr($binary_string, $start, $length, '8bit');
} }
} else { } else {
@ -164,10 +172,10 @@ if (!function_exists('RandomCompat_substr')) {
); );
} }
return substr($binary_string, $start, $length); return (string) substr($binary_string, $start, $length);
} }
return substr($binary_string, $start); return (string) substr($binary_string, $start);
} }
} }
} }

26
src/wp-includes/random_compat/cast_to_int.php
View File

@ -5,7 +5,7 @@
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 Paragon Initiative Enterprises * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -26,7 +26,7 @@
* SOFTWARE. * SOFTWARE.
*/ */
if (!function_exists('RandomCompat_intval')) { if (!is_callable('RandomCompat_intval')) {
/** /**
* Cast to an integer if we can, safely. * Cast to an integer if we can, safely.
@ -38,15 +38,18 @@ if (!function_exists('RandomCompat_intval')) {
* through. * through.
* *
* @param int|float $number The number we want to convert to an int * @param int|float $number The number we want to convert to an int
* @param boolean $fail_open Set to true to not throw an exception * @param bool $fail_open Set to true to not throw an exception
* *
* @return int (or float if $fail_open) * @return float|int
* @psalm-suppress InvalidReturnType
* *
* @throws TypeError * @throws TypeError
*/ */
function RandomCompat_intval($number, $fail_open = false) function RandomCompat_intval($number, $fail_open = false)
{ {
if (is_numeric($number)) { if (is_int($number) || is_float($number)) {
$number += 0;
} elseif (is_numeric($number)) {
$number += 0; $number += 0;
} }
@ -60,12 +63,13 @@ if (!function_exists('RandomCompat_intval')) {
$number = (int) $number; $number = (int) $number;
} }
if (is_int($number) || $fail_open) { if (is_int($number)) {
return $number; return (int) $number;
} elseif (!$fail_open) {
throw new TypeError(
'Expected an integer.'
);
} }
return $number;
throw new TypeError(
'Expected an integer.'
);
} }
} }

17
src/wp-includes/random_compat/error_polyfill.php
View File

@ -4,8 +4,8 @@
* for using the new PHP 7 random_* API in PHP 5 projects * for using the new PHP 7 random_* API in PHP 5 projects
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 Paragon Initiative Enterprises * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -35,8 +35,15 @@ if (!class_exists('Error', false)) {
} }
if (!class_exists('TypeError', false)) { if (!class_exists('TypeError', false)) {
class TypeError extends Error if (is_subclass_of('Error', 'Exception')) {
{ class TypeError extends Error
{
}
} else {
class TypeError extends Exception
{
}
} }
} }

360
src/wp-includes/random_compat/random.php
View File

@ -3,12 +3,12 @@
* Random_* Compatibility Library * Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects * for using the new PHP 7 random_* API in PHP 5 projects
* *
* @version 1.2.1 * @version 2.0.10
* @released 2016-02-29 * @released 2017-03-13
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 Paragon Initiative Enterprises * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -31,7 +31,7 @@
if (!defined('PHP_VERSION_ID')) { if (!defined('PHP_VERSION_ID')) {
// This constant was introduced in PHP 5.2.7 // This constant was introduced in PHP 5.2.7
$RandomCompatversion = explode('.', PHP_VERSION); $RandomCompatversion = array_map('intval', explode('.', PHP_VERSION));
define( define(
'PHP_VERSION_ID', 'PHP_VERSION_ID',
$RandomCompatversion[0] * 10000 $RandomCompatversion[0] * 10000
@ -41,177 +41,183 @@ if (!defined('PHP_VERSION_ID')) {
$RandomCompatversion = null; $RandomCompatversion = null;
} }
if (PHP_VERSION_ID < 70000) { /**
* PHP 7.0.0 and newer have these functions natively.
if (!defined('RANDOM_COMPAT_READ_BUFFER')) { */
define('RANDOM_COMPAT_READ_BUFFER', 8); if (PHP_VERSION_ID >= 70000) {
} return;
$RandomCompatDIR = dirname(__FILE__);
require_once $RandomCompatDIR.'/byte_safe_strings.php';
require_once $RandomCompatDIR.'/cast_to_int.php';
require_once $RandomCompatDIR.'/error_polyfill.php';
if (!function_exists('random_bytes')) {
/**
* PHP 5.2.0 - 5.6.x way to implement random_bytes()
*
* We use conditional statements here to define the function in accordance
* to the operating environment. It's a micro-optimization.
*
* In order of preference:
* 1. Use libsodium if available.
* 2. fread() /dev/urandom if available (never on Windows)
* 3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
* 4. COM('CAPICOM.Utilities.1')->GetRandom()
* 5. openssl_random_pseudo_bytes() (absolute last resort)
*
* See ERRATA.md for our reasoning behind this particular order
*/
if (extension_loaded('libsodium')) {
// See random_bytes_libsodium.php
if (PHP_VERSION_ID >= 50300 && function_exists('\\Sodium\\randombytes_buf')) {
require_once $RandomCompatDIR.'/random_bytes_libsodium.php';
} elseif (method_exists('Sodium', 'randombytes_buf')) {
require_once $RandomCompatDIR.'/random_bytes_libsodium_legacy.php';
}
}
/**
* Reading directly from /dev/urandom:
*/
if (DIRECTORY_SEPARATOR === '/') {
// DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
// way to exclude Windows.
$RandomCompatUrandom = true;
$RandomCompat_basedir = ini_get('open_basedir');
if (!empty($RandomCompat_basedir)) {
$RandomCompat_open_basedir = explode(
PATH_SEPARATOR,
strtolower($RandomCompat_basedir)
);
$RandomCompatUrandom = in_array(
'/dev',
$RandomCompat_open_basedir
);
$RandomCompat_open_basedir = null;
}
if (
!function_exists('random_bytes')
&&
$RandomCompatUrandom
&&
@is_readable('/dev/urandom')
) {
// Error suppression on is_readable() in case of an open_basedir
// or safe_mode failure. All we care about is whether or not we
// can read it at this point. If the PHP environment is going to
// panic over trying to see if the file can be read in the first
// place, that is not helpful to us here.
// See random_bytes_dev_urandom.php
require_once $RandomCompatDIR.'/random_bytes_dev_urandom.php';
}
// Unset variables after use
$RandomCompat_basedir = null;
$RandomCompatUrandom = null;
}
/**
* mcrypt_create_iv()
*/
if (
!function_exists('random_bytes')
&&
PHP_VERSION_ID >= 50307
&&
extension_loaded('mcrypt')
) {
// Prevent this code from hanging indefinitely on non-Windows;
// see https://bugs.php.net/bug.php?id=69833
if (
DIRECTORY_SEPARATOR !== '/' ||
(PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613)
) {
// See random_bytes_mcrypt.php
require_once $RandomCompatDIR.'/random_bytes_mcrypt.php';
}
}
if (
!function_exists('random_bytes')
&&
extension_loaded('com_dotnet')
&&
class_exists('COM')
) {
$RandomCompat_disabled_classes = preg_split(
'#\s*,\s*#',
strtolower(ini_get('disable_classes'))
);
if (!in_array('com', $RandomCompat_disabled_classes)) {
try {
$RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
// See random_bytes_com_dotnet.php
require_once $RandomCompatDIR.'/random_bytes_com_dotnet.php';
}
} catch (com_exception $e) {
// Don't try to use it.
}
}
$RandomCompat_disabled_classes = null;
$RandomCompatCOMtest = null;
}
/**
* openssl_random_pseudo_bytes()
*/
if (
(
// Unix-like with PHP >= 5.3.0 or
(
DIRECTORY_SEPARATOR === '/'
&&
PHP_VERSION_ID >= 50300
)
||
// Windows with PHP >= 5.4.1
PHP_VERSION_ID >= 50401
)
&&
!function_exists('random_bytes')
&&
extension_loaded('openssl')
) {
// See random_bytes_openssl.php
require_once $RandomCompatDIR.'/random_bytes_openssl.php';
}
/**
* throw new Exception
*/
if (!function_exists('random_bytes')) {
/**
* We don't have any more options, so let's throw an exception right now
* and hope the developer won't let it fail silently.
*/
function random_bytes($length)
{
throw new Exception(
'There is no suitable CSPRNG installed on your system'
);
}
}
}
if (!function_exists('random_int')) {
require_once $RandomCompatDIR.'/random_int.php';
}
$RandomCompatDIR = null;
} }
if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
define('RANDOM_COMPAT_READ_BUFFER', 8);
}
$RandomCompatDIR = dirname(__FILE__);
require_once $RandomCompatDIR . '/byte_safe_strings.php';
require_once $RandomCompatDIR . '/cast_to_int.php';
require_once $RandomCompatDIR . '/error_polyfill.php';
if (!is_callable('random_bytes')) {
/**
* PHP 5.2.0 - 5.6.x way to implement random_bytes()
*
* We use conditional statements here to define the function in accordance
* to the operating environment. It's a micro-optimization.
*
* In order of preference:
* 1. Use libsodium if available.
* 2. fread() /dev/urandom if available (never on Windows)
* 3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
* 4. COM('CAPICOM.Utilities.1')->GetRandom()
*
* See RATIONALE.md for our reasoning behind this particular order
*/
if (extension_loaded('libsodium')) {
// See random_bytes_libsodium.php
if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) {
require_once $RandomCompatDIR . '/random_bytes_libsodium.php';
} elseif (method_exists('Sodium', 'randombytes_buf')) {
require_once $RandomCompatDIR . '/random_bytes_libsodium_legacy.php';
}
}
/**
* Reading directly from /dev/urandom:
*/
if (DIRECTORY_SEPARATOR === '/') {
// DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
// way to exclude Windows.
$RandomCompatUrandom = true;
$RandomCompat_basedir = ini_get('open_basedir');
if (!empty($RandomCompat_basedir)) {
$RandomCompat_open_basedir = explode(
PATH_SEPARATOR,
strtolower($RandomCompat_basedir)
);
$RandomCompatUrandom = (array() !== array_intersect(
array('/dev', '/dev/', '/dev/urandom'),
$RandomCompat_open_basedir
));
$RandomCompat_open_basedir = null;
}
if (
!is_callable('random_bytes')
&&
$RandomCompatUrandom
&&
@is_readable('/dev/urandom')
) {
// Error suppression on is_readable() in case of an open_basedir
// or safe_mode failure. All we care about is whether or not we
// can read it at this point. If the PHP environment is going to
// panic over trying to see if the file can be read in the first
// place, that is not helpful to us here.
// See random_bytes_dev_urandom.php
require_once $RandomCompatDIR . '/random_bytes_dev_urandom.php';
}
// Unset variables after use
$RandomCompat_basedir = null;
} else {
$RandomCompatUrandom = false;
}
/**
* mcrypt_create_iv()
*
* We only want to use mcypt_create_iv() if:
*
* - random_bytes() hasn't already been defined
* - the mcrypt extensions is loaded
* - One of these two conditions is true:
* - We're on Windows (DIRECTORY_SEPARATOR !== '/')
* - We're not on Windows and /dev/urandom is readabale
* (i.e. we're not in a chroot jail)
* - Special case:
* - If we're not on Windows, but the PHP version is between
* 5.6.10 and 5.6.12, we don't want to use mcrypt. It will
* hang indefinitely. This is bad.
* - If we're on Windows, we want to use PHP >= 5.3.7 or else
* we get insufficient entropy errors.
*/
if (
!is_callable('random_bytes')
&&
// Windows on PHP < 5.3.7 is broken, but non-Windows is not known to be.
(DIRECTORY_SEPARATOR === '/' || PHP_VERSION_ID >= 50307)
&&
// Prevent this code from hanging indefinitely on non-Windows;
// see https://bugs.php.net/bug.php?id=69833
(
DIRECTORY_SEPARATOR !== '/' ||
(PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613)
)
&&
extension_loaded('mcrypt')
) {
// See random_bytes_mcrypt.php
require_once $RandomCompatDIR . '/random_bytes_mcrypt.php';
}
$RandomCompatUrandom = null;
/**
* This is a Windows-specific fallback, for when the mcrypt extension
* isn't loaded.
*/
if (
!is_callable('random_bytes')
&&
extension_loaded('com_dotnet')
&&
class_exists('COM')
) {
$RandomCompat_disabled_classes = preg_split(
'#\s*,\s*#',
strtolower(ini_get('disable_classes'))
);
if (!in_array('com', $RandomCompat_disabled_classes)) {
try {
$RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
// See random_bytes_com_dotnet.php
require_once $RandomCompatDIR . '/random_bytes_com_dotnet.php';
}
} catch (com_exception $e) {
// Don't try to use it.
}
}
$RandomCompat_disabled_classes = null;
$RandomCompatCOMtest = null;
}
/**
* throw new Exception
*/
if (!is_callable('random_bytes')) {
/**
* We don't have any more options, so let's throw an exception right now
* and hope the developer won't let it fail silently.
*
* @param mixed $length
* @return void
* @throws Exception
*/
function random_bytes($length)
{
unset($length); // Suppress "variable not used" warnings.
throw new Exception(
'There is no suitable CSPRNG installed on your system'
);
}
}
}
if (!is_callable('random_int')) {
require_once $RandomCompatDIR . '/random_int.php';
}
$RandomCompatDIR = null;

107
src/wp-includes/random_compat/random_bytes_com_dotnet.php
View File

@ -5,7 +5,7 @@
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 Paragon Initiative Enterprises * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -26,56 +26,63 @@
* SOFTWARE. * SOFTWARE.
*/ */
/** if (!is_callable('random_bytes')) {
* Windows with PHP < 5.3.0 will not have the function
* openssl_random_pseudo_bytes() available, so let's use
* CAPICOM to work around this deficiency.
*
* @param int $bytes
*
* @throws Exception
*
* @return string
*/
function random_bytes($bytes)
{
try {
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(
'random_bytes(): $bytes must be an integer'
);
}
if ($bytes < 1) {
throw new Error(
'Length must be greater than 0'
);
}
$buf = '';
$util = new COM('CAPICOM.Utilities.1');
$execCount = 0;
/** /**
* Let's not let it loop forever. If we run N times and fail to * Windows with PHP < 5.3.0 will not have the function
* get N bytes of random data, then CAPICOM has failed us. * openssl_random_pseudo_bytes() available, so let's use
* CAPICOM to work around this deficiency.
*
* @param int $bytes
*
* @throws Exception
*
* @return string
*/ */
do { function random_bytes($bytes)
$buf .= base64_decode($util->GetRandom($bytes, 0)); {
if (RandomCompat_strlen($buf) >= $bytes) { try {
/** $bytes = RandomCompat_intval($bytes);
* Return our random entropy buffer here: } catch (TypeError $ex) {
*/ throw new TypeError(
return RandomCompat_substr($buf, 0, $bytes); 'random_bytes(): $bytes must be an integer'
);
} }
++$execCount;
} while ($execCount < $bytes);
/** if ($bytes < 1) {
* If we reach here, PHP has failed us. throw new Error(
*/ 'Length must be greater than 0'
throw new Exception( );
'Could not gather sufficient random data' }
);
} $buf = '';
if (!class_exists('COM')) {
throw new Error(
'COM does not exist'
);
}
$util = new COM('CAPICOM.Utilities.1');
$execCount = 0;
/**
* Let's not let it loop forever. If we run N times and fail to
* get N bytes of random data, then CAPICOM has failed us.
*/
do {
$buf .= base64_decode($util->GetRandom($bytes, 0));
if (RandomCompat_strlen($buf) >= $bytes) {
/**
* Return our random entropy buffer here:
*/
return RandomCompat_substr($buf, 0, $bytes);
}
++$execCount;
} while ($execCount < $bytes);
/**
* If we reach here, PHP has failed us.
*/
throw new Exception(
'Could not gather sufficient random data'
);
}
}

217
src/wp-includes/random_compat/random_bytes_dev_urandom.php
View File

@ -4,8 +4,8 @@
* for using the new PHP 7 random_* API in PHP 5 projects * for using the new PHP 7 random_* API in PHP 5 projects
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 Paragon Initiative Enterprises * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -30,119 +30,138 @@ if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
define('RANDOM_COMPAT_READ_BUFFER', 8); define('RANDOM_COMPAT_READ_BUFFER', 8);
} }
/** if (!is_callable('random_bytes')) {
* Unless open_basedir is enabled, use /dev/urandom for
* random numbers in accordance with best practices
*
* Why we use /dev/urandom and not /dev/random
* @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
*
* @param int $bytes
*
* @throws Exception
*
* @return string
*/
function random_bytes($bytes)
{
static $fp = null;
/** /**
* This block should only be run once * Unless open_basedir is enabled, use /dev/urandom for
* random numbers in accordance with best practices
*
* Why we use /dev/urandom and not /dev/random
* @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
*
* @param int $bytes
*
* @throws Exception
*
* @return string
*/ */
if (empty($fp)) { function random_bytes($bytes)
{
static $fp = null;
/** /**
* We use /dev/urandom if it is a char device. * This block should only be run once
* We never fall back to /dev/random
*/ */
$fp = fopen('/dev/urandom', 'rb'); if (empty($fp)) {
if (!empty($fp)) { /**
$st = fstat($fp); * We use /dev/urandom if it is a char device.
if (($st['mode'] & 0170000) !== 020000) { * We never fall back to /dev/random
fclose($fp); */
$fp = false; $fp = fopen('/dev/urandom', 'rb');
if (!empty($fp)) {
$st = fstat($fp);
if (($st['mode'] & 0170000) !== 020000) {
fclose($fp);
$fp = false;
}
}
if (!empty($fp)) {
/**
* stream_set_read_buffer() does not exist in HHVM
*
* If we don't set the stream's read buffer to 0, PHP will
* internally buffer 8192 bytes, which can waste entropy
*
* stream_set_read_buffer returns 0 on success
*/
if (is_callable('stream_set_read_buffer')) {
stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
}
if (is_callable('stream_set_chunk_size')) {
stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
}
} }
} }
try {
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(
'random_bytes(): $bytes must be an integer'
);
}
if ($bytes < 1) {
throw new Error(
'Length must be greater than 0'
);
}
/**
* This if() block only runs if we managed to open a file handle
*
* It does not belong in an else {} block, because the above
* if (empty($fp)) line is logic that should only be run once per
* page load.
*/
if (!empty($fp)) { if (!empty($fp)) {
/** /**
* stream_set_read_buffer() does not exist in HHVM * @var int
*
* If we don't set the stream's read buffer to 0, PHP will
* internally buffer 8192 bytes, which can waste entropy
*
* stream_set_read_buffer returns 0 on success
*/ */
if (function_exists('stream_set_read_buffer')) { $remaining = $bytes;
stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
}
if (function_exists('stream_set_chunk_size')) {
stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
}
}
}
try {
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(
'random_bytes(): $bytes must be an integer'
);
}
if ($bytes < 1) {
throw new Error(
'Length must be greater than 0'
);
}
/**
* This if() block only runs if we managed to open a file handle
*
* It does not belong in an else {} block, because the above
* if (empty($fp)) line is logic that should only be run once per
* page load.
*/
if (!empty($fp)) {
$remaining = $bytes;
$buf = '';
/**
* We use fread() in a loop to protect against partial reads
*/
do {
$read = fread($fp, $remaining);
if ($read === false) {
/**
* We cannot safely read from the file. Exit the
* do-while loop and trigger the exception condition
*/
$buf = false;
break;
}
/** /**
* Decrease the number of bytes returned from remaining * @var string|bool
*/ */
$remaining -= RandomCompat_strlen($read); $buf = '';
$buf .= $read;
} while ($remaining > 0); /**
* We use fread() in a loop to protect against partial reads
/** */
* Is our result valid? do {
*/
if ($buf !== false) {
if (RandomCompat_strlen($buf) === $bytes) {
/** /**
* Return our random entropy buffer here: * @var string|bool
*/ */
return $buf; $read = fread($fp, $remaining);
if (!is_string($read)) {
if ($read === false) {
/**
* We cannot safely read from the file. Exit the
* do-while loop and trigger the exception condition
*
* @var string|bool
*/
$buf = false;
break;
}
}
/**
* Decrease the number of bytes returned from remaining
*/
$remaining -= RandomCompat_strlen($read);
/**
* @var string|bool
*/
$buf = $buf . $read;
} while ($remaining > 0);
/**
* Is our result valid?
*/
if (is_string($buf)) {
if (RandomCompat_strlen($buf) === $bytes) {
/**
* Return our random entropy buffer here:
*/
return $buf;
}
} }
} }
}
/** /**
* If we reach here, PHP has failed us. * If we reach here, PHP has failed us.
*/ */
throw new Exception( throw new Exception(
'Error reading from source device' 'Error reading from source device'
); );
}
} }

116
src/wp-includes/random_compat/random_bytes_libsodium.php
View File

@ -4,8 +4,8 @@
* for using the new PHP 7 random_* API in PHP 5 projects * for using the new PHP 7 random_* API in PHP 5 projects
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 Paragon Initiative Enterprises * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -26,61 +26,63 @@
* SOFTWARE. * SOFTWARE.
*/ */
/** if (!is_callable('random_bytes')) {
* If the libsodium PHP extension is loaded, we'll use it above any other /**
* solution. * If the libsodium PHP extension is loaded, we'll use it above any other
* * solution.
* libsodium-php project: *
* @ref https://github.com/jedisct1/libsodium-php * libsodium-php project:
* * @ref https://github.com/jedisct1/libsodium-php
* @param int $bytes *
* * @param int $bytes
* @throws Exception *
* * @throws Exception
* @return string *
*/ * @return string
function random_bytes($bytes) */
{ function random_bytes($bytes)
try { {
$bytes = RandomCompat_intval($bytes); try {
} catch (TypeError $ex) { $bytes = RandomCompat_intval($bytes);
throw new TypeError( } catch (TypeError $ex) {
'random_bytes(): $bytes must be an integer' throw new TypeError(
'random_bytes(): $bytes must be an integer'
);
}
if ($bytes < 1) {
throw new Error(
'Length must be greater than 0'
);
}
/**
* \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
* generated in one invocation.
*/
if ($bytes > 2147483647) {
$buf = '';
for ($i = 0; $i < $bytes; $i += 1073741824) {
$n = ($bytes - $i) > 1073741824
? 1073741824
: $bytes - $i;
$buf .= \Sodium\randombytes_buf($n);
}
} else {
$buf = \Sodium\randombytes_buf($bytes);
}
if ($buf !== false) {
if (RandomCompat_strlen($buf) === $bytes) {
return $buf;
}
}
/**
* If we reach here, PHP has failed us.
*/
throw new Exception(
'Could not gather sufficient random data'
); );
} }
if ($bytes < 1) {
throw new Error(
'Length must be greater than 0'
);
}
/**
* \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
* generated in one invocation.
*/
if ($bytes > 2147483647) {
$buf = '';
for ($i = 0; $i < $bytes; $i += 1073741824) {
$n = ($bytes - $i) > 1073741824
? 1073741824
: $bytes - $i;
$buf .= \Sodium\randombytes_buf($n);
}
} else {
$buf = \Sodium\randombytes_buf($bytes);
}
if ($buf !== false) {
if (RandomCompat_strlen($buf) === $bytes) {
return $buf;
}
}
/**
* If we reach here, PHP has failed us.
*/
throw new Exception(
'Could not gather sufficient random data'
);
} }

112
src/wp-includes/random_compat/random_bytes_libsodium_legacy.php
View File

@ -4,8 +4,8 @@
* for using the new PHP 7 random_* API in PHP 5 projects * for using the new PHP 7 random_* API in PHP 5 projects
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 Paragon Initiative Enterprises * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -26,61 +26,67 @@
* SOFTWARE. * SOFTWARE.
*/ */
/** if (!is_callable('random_bytes')) {
* If the libsodium PHP extension is loaded, we'll use it above any other
* solution.
*
* libsodium-php project:
* @ref https://github.com/jedisct1/libsodium-php
*
* @param int $bytes
*
* @throws Exception
*
* @return string
*/
function random_bytes($bytes)
{
try {
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(
'random_bytes(): $bytes must be an integer'
);
}
if ($bytes < 1) {
throw new Error(
'Length must be greater than 0'
);
}
/** /**
* \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be * If the libsodium PHP extension is loaded, we'll use it above any other
* generated in one invocation. * solution.
*
* libsodium-php project:
* @ref https://github.com/jedisct1/libsodium-php
*
* @param int $bytes
*
* @throws Exception
*
* @return string
*/ */
if ($bytes > 2147483647) { function random_bytes($bytes)
{
try {
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(
'random_bytes(): $bytes must be an integer'
);
}
if ($bytes < 1) {
throw new Error(
'Length must be greater than 0'
);
}
/**
* @var string
*/
$buf = ''; $buf = '';
for ($i = 0; $i < $bytes; $i += 1073741824) {
$n = ($bytes - $i) > 1073741824
? 1073741824
: $bytes - $i;
$buf .= Sodium::randombytes_buf($n);
}
} else {
$buf = Sodium::randombytes_buf($bytes);
}
if ($buf !== false) { /**
if (RandomCompat_strlen($buf) === $bytes) { * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
return $buf; * generated in one invocation.
*/
if ($bytes > 2147483647) {
for ($i = 0; $i < $bytes; $i += 1073741824) {
$n = ($bytes - $i) > 1073741824
? 1073741824
: $bytes - $i;
$buf .= Sodium::randombytes_buf((int) $n);
}
} else {
$buf .= Sodium::randombytes_buf((int) $bytes);
} }
}
/** if (is_string($buf)) {
* If we reach here, PHP has failed us. if (RandomCompat_strlen($buf) === $bytes) {
*/ return $buf;
throw new Exception( }
'Could not gather sufficient random data' }
);
/**
* If we reach here, PHP has failed us.
*/
throw new Exception(
'Could not gather sufficient random data'
);
}
} }

95
src/wp-includes/random_compat/random_bytes_mcrypt.php
View File

@ -4,8 +4,8 @@
* for using the new PHP 7 random_* API in PHP 5 projects * for using the new PHP 7 random_* API in PHP 5 projects
* *
* The MIT License (MIT) * The MIT License (MIT)
* *
* Copyright (c) 2015 Paragon Initiative Enterprises * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -26,51 +26,52 @@
* SOFTWARE. * SOFTWARE.
*/ */
if (!is_callable('random_bytes')) {
/**
* Powered by ext/mcrypt (and thankfully NOT libmcrypt)
*
* @ref https://bugs.php.net/bug.php?id=55169
* @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386
*
* @param int $bytes
*
* @throws Exception
*
* @return string
*/
function random_bytes($bytes)
{
try {
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(
'random_bytes(): $bytes must be an integer'
);
}
if ($bytes < 1) {
throw new Error(
'Length must be greater than 0'
);
}
$buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
if (
$buf !== false
&&
RandomCompat_strlen($buf) === $bytes
) {
/**
* Return our random entropy buffer here:
*/
return $buf;
}
/** /**
* If we reach here, PHP has failed us. * Powered by ext/mcrypt (and thankfully NOT libmcrypt)
*
* @ref https://bugs.php.net/bug.php?id=55169
* @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386
*
* @param int $bytes
*
* @throws Exception
*
* @return string
*/ */
throw new Exception( function random_bytes($bytes)
'Could not gather sufficient random data' {
); try {
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(
'random_bytes(): $bytes must be an integer'
);
}
if ($bytes < 1) {
throw new Error(
'Length must be greater than 0'
);
}
$buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
if (
$buf !== false
&&
RandomCompat_strlen($buf) === $bytes
) {
/**
* Return our random entropy buffer here:
*/
return $buf;
}
/**
* If we reach here, PHP has failed us.
*/
throw new Exception(
'Could not gather sufficient random data'
);
}
} }

83
src/wp-includes/random_compat/random_bytes_openssl.php
View File

@ -1,83 +0,0 @@
<?php
/**
* Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects
*
* The MIT License (MIT)
*
* Copyright (c) 2015 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
/**
* Since openssl_random_pseudo_bytes() uses openssl's
* RAND_pseudo_bytes() API, which has been marked as deprecated by the
* OpenSSL team, this is our last resort before failure.
*
* @ref https://www.openssl.org/docs/crypto/RAND_bytes.html
*
* @param int $bytes
*
* @throws Exception
*
* @return string
*/
function random_bytes($bytes)
{
try {
$bytes = RandomCompat_intval($bytes);
} catch (TypeError $ex) {
throw new TypeError(
'random_bytes(): $bytes must be an integer'
);
}
if ($bytes < 1) {
throw new Error(
'Length must be greater than 0'
);
}
/**
* $secure is passed by reference. If it's set to false, fail. Note
* that this will only return false if this function fails to return
* any data.
*
* @ref https://github.com/paragonie/random_compat/issues/6#issuecomment-119564973
*/
$secure = true;
$buf = openssl_random_pseudo_bytes($bytes, $secure);
if (
$buf !== false
&&
$secure
&&
RandomCompat_strlen($buf) === $bytes
) {
return $buf;
}
/**
* If we reach here, PHP has failed us.
*/
throw new Exception(
'Could not gather sufficient random data'
);
}

331
src/wp-includes/random_compat/random_int.php
View File

@ -1,191 +1,190 @@
<?php <?php
/**
* Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects
*
* The MIT License (MIT)
*
* Copyright (c) 2015 Paragon Initiative Enterprises
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
/** if (!is_callable('random_int')) {
* Fetch a random integer between $min and $max inclusive
*
* @param int $min
* @param int $max
*
* @throws Exception
*
* @return int
*/
function random_int($min, $max)
{
/** /**
* Type and input logic checks * Random_* Compatibility Library
* * for using the new PHP 7 random_* API in PHP 5 projects
* If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX) *
* (non-inclusive), it will sanely cast it to an int. If you it's equal to * The MIT License (MIT)
* ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats *
* lose precision, so the <= and => operators might accidentally let a float * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
* through. *
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/ */
try {
$min = RandomCompat_intval($min);
} catch (TypeError $ex) {
throw new TypeError(
'random_int(): $min must be an integer'
);
}
try {
$max = RandomCompat_intval($max);
} catch (TypeError $ex) {
throw new TypeError(
'random_int(): $max must be an integer'
);
}
/**
* Now that we've verified our weak typing system has given us an integer,
* let's validate the logic then we can move forward with generating random
* integers along a given range.
*/
if ($min > $max) {
throw new Error(
'Minimum value must be less than or equal to the maximum value'
);
}
if ($max === $min) {
return $min;
}
/** /**
* Initialize variables to 0 * Fetch a random integer between $min and $max inclusive
* *
* We want to store: * @param int $min
* $bytes => the number of random bytes we need * @param int $max
* $mask => an integer bitmask (for use with the &) operator *
* so we can minimize the number of discards * @throws Exception
*
* @return int
*/ */
$attempts = $bits = $bytes = $mask = $valueShift = 0; function random_int($min, $max)
{
/**
* Type and input logic checks
*
* If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
* (non-inclusive), it will sanely cast it to an int. If you it's equal to
* ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
* lose precision, so the <= and => operators might accidentally let a float
* through.
*/
/** try {
* At this point, $range is a positive number greater than 0. It might $min = RandomCompat_intval($min);
* overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to } catch (TypeError $ex) {
* a float and we will lose some precision. throw new TypeError(
*/ 'random_int(): $min must be an integer'
$range = $max - $min; );
}
/** try {
* Test for integer overflow: $max = RandomCompat_intval($max);
*/ } catch (TypeError $ex) {
if (!is_int($range)) { throw new TypeError(
'random_int(): $max must be an integer'
);
}
/** /**
* Still safely calculate wider ranges. * Now that we've verified our weak typing system has given us an integer,
* Provided by @CodesInChaos, @oittaa * let's validate the logic then we can move forward with generating random
* * integers along a given range.
* @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
*
* We use ~0 as a mask in this case because it generates all 1s
*
* @ref https://eval.in/400356 (32-bit)
* @ref http://3v4l.org/XX9r5 (64-bit)
*/ */
$bytes = PHP_INT_SIZE; if ($min > $max) {
$mask = ~0; throw new Error(
'Minimum value must be less than or equal to the maximum value'
);
}
} else { if ($max === $min) {
return (int) $min;
}
/** /**
* $bits is effectively ceil(log($range, 2)) without dealing with * Initialize variables to 0
* type juggling *
* We want to store:
* $bytes => the number of random bytes we need
* $mask => an integer bitmask (for use with the &) operator
* so we can minimize the number of discards
*/ */
while ($range > 0) { $attempts = $bits = $bytes = $mask = $valueShift = 0;
if ($bits % 8 === 0) {
++$bytes; /**
* At this point, $range is a positive number greater than 0. It might
* overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
* a float and we will lose some precision.
*/
$range = $max - $min;
/**
* Test for integer overflow:
*/
if (!is_int($range)) {
/**
* Still safely calculate wider ranges.
* Provided by @CodesInChaos, @oittaa
*
* @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
*
* We use ~0 as a mask in this case because it generates all 1s
*
* @ref https://eval.in/400356 (32-bit)
* @ref http://3v4l.org/XX9r5 (64-bit)
*/
$bytes = PHP_INT_SIZE;
$mask = ~0;
} else {
/**
* $bits is effectively ceil(log($range, 2)) without dealing with
* type juggling
*/
while ($range > 0) {
if ($bits % 8 === 0) {
++$bytes;
}
++$bits;
$range >>= 1;
$mask = $mask << 1 | 1;
} }
++$bits; $valueShift = $min;
$range >>= 1;
$mask = $mask << 1 | 1;
}
$valueShift = $min;
}
/**
* Now that we have our parameters set up, let's begin generating
* random integers until one falls between $min and $max
*/
do {
/**
* The rejection probability is at most 0.5, so this corresponds
* to a failure probability of 2^-128 for a working RNG
*/
if ($attempts > 128) {
throw new Exception(
'random_int: RNG is broken - too many rejections'
);
} }
/**
* Let's grab the necessary number of random bytes
*/
$randomByteString = random_bytes($bytes);
if ($randomByteString === false) {
throw new Exception(
'Random number generator failure'
);
}
/**
* Let's turn $randomByteString into an integer
*
* This uses bitwise operators (<< and |) to build an integer
* out of the values extracted from ord()
*
* Example: [9F] | [6D] | [32] | [0C] =>
* 159 + 27904 + 3276800 + 201326592 =>
* 204631455
*/
$val = 0; $val = 0;
for ($i = 0; $i < $bytes; ++$i) {
$val |= ord($randomByteString[$i]) << ($i * 8);
}
/** /**
* Apply mask * Now that we have our parameters set up, let's begin generating
* random integers until one falls between $min and $max
*/ */
$val &= $mask; do {
$val += $valueShift; /**
* The rejection probability is at most 0.5, so this corresponds
* to a failure probability of 2^-128 for a working RNG
*/
if ($attempts > 128) {
throw new Exception(
'random_int: RNG is broken - too many rejections'
);
}
++$attempts; /**
/** * Let's grab the necessary number of random bytes
* If $val overflows to a floating point number, */
* ... or is larger than $max, $randomByteString = random_bytes($bytes);
* ... or smaller than $min,
* then try again.
*/
} while (!is_int($val) || $val > $max || $val < $min);
return (int) $val; /**
* Let's turn $randomByteString into an integer
*
* This uses bitwise operators (<< and |) to build an integer
* out of the values extracted from ord()
*
* Example: [9F] | [6D] | [32] | [0C] =>
* 159 + 27904 + 3276800 + 201326592 =>
* 204631455
*/
$val &= 0;
for ($i = 0; $i < $bytes; ++$i) {
$val |= ord($randomByteString[$i]) << ($i * 8);
}
/**
* Apply mask
*/
$val &= $mask;
$val += $valueShift;
++$attempts;
/**
* If $val overflows to a floating point number,
* ... or is larger than $max,
* ... or smaller than $min,
* then try again.
*/
} while (!is_int($val) || $val > $max || $val < $min);
return (int) $val;
}
} }