src/filesystem/Filesystem.php
Show First 20 Lines • Show All 415 Lines • ▼ Show 20 Lines | /* -( Files )-------------------------------------------------------------- */ | ||||
* @task file | * @task file | ||||
*/ | */ | ||||
public static function readRandomBytes($number_of_bytes) { | public static function readRandomBytes($number_of_bytes) { | ||||
$number_of_bytes = (int)$number_of_bytes; | $number_of_bytes = (int)$number_of_bytes; | ||||
if ($number_of_bytes < 1) { | if ($number_of_bytes < 1) { | ||||
throw new Exception(pht('You must generate at least 1 byte of entropy.')); | throw new Exception(pht('You must generate at least 1 byte of entropy.')); | ||||
} | } | ||||
// Under PHP 7.2.0 and newer, we have a reasonable builtin. For older | |||||
// versions, we fall back to various sources which have a roughly similar | |||||
// effect. | |||||
if (function_exists('random_bytes')) { | |||||
return random_bytes($number_of_bytes); | |||||
} | |||||
// Try to use `openssl_random_pseudo_bytes()` if it's available. This source | // Try to use `openssl_random_pseudo_bytes()` if it's available. This source | ||||
// is the most widely available source, and works on Windows/Linux/OSX/etc. | // is the most widely available source, and works on Windows/Linux/OSX/etc. | ||||
if (function_exists('openssl_random_pseudo_bytes')) { | if (function_exists('openssl_random_pseudo_bytes')) { | ||||
$strong = true; | $strong = true; | ||||
$data = openssl_random_pseudo_bytes($number_of_bytes, $strong); | $data = openssl_random_pseudo_bytes($number_of_bytes, $strong); | ||||
if (!$strong) { | if (!$strong) { | ||||
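Review bot: the comment added above the `random_bytes()` branch names PHP 7.2.0, but `random_bytes()` has been a builtin since PHP 7.0 and the `function_exists('random_bytes')` guard does not depend on a version number, so "PHP 7 and newer" would be accurate. It would also help to say in that comment that `random_bytes()` throws when no secure source is available, so with this early return a failure propagates to the caller instead of falling through to `openssl_random_pseudo_bytes()` and the sources after it, which now only run on older runtimes.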
▲ Show 20 Lines • Show All 94 Lines • ▼ Show 20 Lines | for ($ii = 0; $ii < $number_of_characters; $ii++) { | ||||
$result .= $map[ord($bytes[$ii]) >> 3]; | $result .= $map[ord($bytes[$ii]) >> 3]; | ||||
} | } | ||||
return $result; | return $result; | ||||
} | } | ||||
/** | /** | ||||
* Generate a random integer value in a given range. | |||||
* | |||||
* This method uses less-entropic random sources under older versions of PHP. | |||||
* | |||||
* @param int Minimum value, inclusive. | |||||
* @param int Maximum value, inclusive. | |||||
*/ | |||||
public static function readRandomInteger($min, $max) { | |||||
// Under PHP 7.2.0 and newer, we can just use "random_int()". This function | |||||
// is intended to generate cryptographically usable entropy. | |||||
if (function_exists('random_int')) { | |||||
return random_int($min, $max); | |||||
} | |||||
// We could find a stronger source for this, but correctly converting raw | |||||
// bytes to an integer range without biases is fairly hard and it seems | |||||
// like we're more likely to get that wrong than suffer a PRNG prediction | |||||
// issue by falling back to "mt_rand()". | |||||
return mt_rand($min, $max); | |||||
amckinley: FWIW, the PHP docs explicitly say "Caution! This function does not generate cryptographically… | |||||
amckinley: Also, the return value is defined as "...or FALSE if max is less than min", so maybe we should check for that condition and throw instead of potentially returning not-an-int.
} | |||||
/** | |||||
* Identify the MIME type of a file. This returns only the MIME type (like | * Identify the MIME type of a file. This returns only the MIME type (like | ||||
* text/plain), not the encoding (like charset=utf-8). | * text/plain), not the encoding (like charset=utf-8). | ||||
* | * | ||||
* @param string Path to the file to examine. | * @param string Path to the file to examine. | ||||
* @param string Optional default mime type to return if the file's mime | * @param string Optional default mime type to return if the file's mime | ||||
* type can not be identified. | * type can not be identified. | ||||
* @return string File mime type. | * @return string File mime type. | ||||
* | * | ||||
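Review bot: `readRandomInteger()` passes `$min` and `$max` straight to `random_int()` or `mt_rand()` without the cast and range check that `readRandomBytes()` applies to its argument, so the two branches can fail differently on bad input; checking `$min <= $max` up front and throwing the same `Exception` would give callers one failure mode and covers the FALSE return raised in the inline comment. The docblock should also gain `@return int` and a `@task` tag like the neighbouring methods, and "less-entropic random sources" should state plainly that the fallback is `mt_rand()` and that its result must not be used for tokens, keys or other secrets, since a caller cannot tell which source produced the value. If a strong fallback is wanted instead, rejection sampling over `readRandomBytes()` (discard draws above the largest multiple of the range size) avoids the bias the code comment is worried about.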
FWIW, the PHP docs explicitly say "Caution! This function does not generate cryptographically secure values, and should not be used for cryptographic purposes." I agree with the thrust of your comment, but maybe we should call this readSortaRandomIntegerSuperDangerousDontUse or similar.