Update to Random_Compat 1.0.9.

This update includes fixes for Windows support & libSodium support, and removes the `Throwable` Polyfill due to PHP7 incompatibilities. Fixes #28633 git-svn-id: https://develop.svn.wordpress.org/trunk@35365 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 14:20:15 +00:00 · 2015-10-23 04:21:01 +00:00
parent b89670b0f6
commit 3a992e266f
11 changed files with 260 additions and 45 deletions
--- a/src/wp-includes/random_compat/random.php
+++ b/src/wp-includes/random_compat/random.php
@@ -28,15 +28,18 @@

 if (!defined('PHP_VERSION_ID')) {
    // This constant was introduced in PHP 5.2.7
-    $version = explode('.', PHP_VERSION);
-    define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2]));
+    $RandomCompatversion = explode('.', PHP_VERSION);
+    define('PHP_VERSION_ID', ($RandomCompatversion[0] * 10000 + $RandomCompatversion[1] * 100 + $RandomCompatversion[2]));
+    unset($RandomCompatversion);
 }
 if (PHP_VERSION_ID < 70000) {
    if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
        define('RANDOM_COMPAT_READ_BUFFER', 8);
    }
-    require_once "byte_safe_strings.php";
-    require_once "error_polyfill.php";
+    $__DIR__ = dirname(__FILE__);
+    require_once $__DIR__.'/byte_safe_strings.php';
+    require_once $__DIR__.'/cast_to_int.php';
+    require_once $__DIR__.'/error_polyfill.php';
    if (!function_exists('random_bytes')) {
        /**
         * PHP 5.2.0 - 5.6.x way to implement random_bytes()
@@ -45,26 +48,68 @@ if (PHP_VERSION_ID < 70000) {
         * to the operating environment. It's a micro-optimization.
         * 
         * In order of preference:
-         *   1. fread() /dev/urandom if available
-         *   2. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)
-         *   3. COM('CAPICOM.Utilities.1')->GetRandom()
-         *   4. openssl_random_pseudo_bytes()
+         *   1. Use libsodium if available.
+         *   2. fread() /dev/urandom if available (never on Windows)
+         *   3. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV)
+         *   4. COM('CAPICOM.Utilities.1')->GetRandom()
+         *   5. openssl_random_pseudo_bytes() (absolute last resort)
         * 
         * See ERRATA.md for our reasoning behind this particular order
         */
-        if (!ini_get('open_basedir') && is_readable('/dev/urandom')) {
+        if (extension_loaded('libsodium')) {
+            // See random_bytes_libsodium.php
+            require_once $__DIR__.'/random_bytes_libsodium.php';
+        }
+        if (
+            !function_exists('random_bytes') && 
+            DIRECTORY_SEPARATOR === '/' &&
+            @is_readable('/dev/urandom')
+        ) {
+            // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
+            // way to exclude Windows.
+            // 
+            // Error suppression on is_readable() in case of an open_basedir or 
+            // safe_mode failure. All we care about is whether or not we can 
+            // read it at this point. If the PHP environment is going to panic 
+            // over trying to see if the file can be read in the first place,
+            // that is not helpful to us here.
+            
            // See random_bytes_dev_urandom.php
-            require_once "random_bytes_dev_urandom.php";
-        } elseif (PHP_VERSION_ID >= 50307 && function_exists('mcrypt_create_iv')) {
+            require_once $__DIR__.'/random_bytes_dev_urandom.php';
+        }
+        if (
+            !function_exists('random_bytes') &&
+            PHP_VERSION_ID >= 50307 &&
+            extension_loaded('mcrypt')
+        ) {
            // See random_bytes_mcrypt.php
-            require_once "random_bytes_mcrypt.php";
-        } elseif (extension_loaded('com_dotnet')) {
-            // See random_bytes_com_dotnet.php
-            require_once "random_bytes_com_dotnet.php";
-        } elseif (function_exists('openssl_random_pseudo_bytes')) {
+            require_once $__DIR__.'/random_bytes_mcrypt.php';
+        }
+        if (
+            !function_exists('random_bytes') && 
+            extension_loaded('com_dotnet') &&
+            class_exists('COM')
+        ) {
+            try {
+                $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
+                if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
+                    // See random_bytes_com_dotnet.php
+                    require_once $__DIR__.'/random_bytes_com_dotnet.php';
+                }
+            } catch (com_exception $e) {
+                // Don't try to use it.
+            }
+            unset($RandomCompatCOMtest);
+        }
+        if (
+            !function_exists('random_bytes') && 
+            extension_loaded('openssl') &&
+            PHP_VERSION_ID >= 50300
+        ) {
            // See random_bytes_openssl.php
-            require_once "random_bytes_openssl.php";
-        } else {
+            require_once $__DIR__.'/random_bytes_openssl.php';
+        }
+        if (!function_exists('random_bytes')) {
            /**
             * We don't have any more options, so let's throw an exception right now
             * and hope the developer won't let it fail silently.
@@ -78,6 +123,7 @@ if (PHP_VERSION_ID < 70000) {
        }
    }
    if (!function_exists('random_int')) {
-        require_once "random_int.php";
+        require_once $__DIR__.'/random_int.php';
    }
+    unset($__DIR__);
 }