-rw-r--r-- | build/build.xml | 7 | ||||
-rw-r--r-- | phpBB/composer.json | 1 | ||||
-rw-r--r-- | phpBB/composer.lock | 52 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 19 |
4 files changed, 60 insertions, 19 deletions
diff --git a/build/build.xml b/build/build.xml index 6d5b652b0a..b47b5f6eff 100644 --- a/build/build.xml +++ b/build/build.xml @@ -355,6 +355,13 @@ <delete file="${dir}/vendor/lusitanian/oauth/phpunit.xml.dist" /> <delete file="${dir}/vendor/lusitanian/oauth/README.md" /> + <delete dir="${dir}/vendor/paragonie/random_compat/dist" /> + <delete dir="${dir}/vendor/paragonie/random_compat/other" /> + <delete file="${dir}/vendor/paragonie/random_compat/CHANGELOG.md" /> + <delete file="${dir}/vendor/paragonie/random_compat/ERRATA.md" /> + <delete file="${dir}/vendor/paragonie/random_compat/README.md" /> + <delete file="${dir}/vendor/paragonie/random_compat/SECURITY.md" /> + <delete file="${dir}/vendor/patchwork/utf8/.travis.yml" /> <delete file="${dir}/vendor/patchwork/utf8/CHANGELOG.md" /> <delete file="${dir}/vendor/patchwork/utf8/phpunit.xml.dist" /> diff --git a/phpBB/composer.json b/phpBB/composer.json index 88df2bfa3d..b0c9b57cb6 100644 --- a/phpBB/composer.json +++ b/phpBB/composer.json @@ -31,6 +31,7 @@ "guzzlehttp/guzzle": "~5.3", "lusitanian/oauth": "^0.8.1", "marc1706/fast-image-size": "1.1.*", + "paragonie/random_compat": "^1.2", "patchwork/utf8": "1.1.*", "s9e/text-formatter": "^0.4.2", "symfony/config": "2.8.*", diff --git a/phpBB/composer.lock b/phpBB/composer.lock index 7cb6c160ce..d10c94a75f 100644 --- a/phpBB/composer.lock +++ b/phpBB/composer.lock @@ -4,8 +4,8 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "2de20b0ffe0ca05fb62a7c685a25ca79", - "content-hash": "6e427257e82c0d33fc94040d9685f516", + "hash": "9cbb41222e71eb86e0ef9118baafc691", + "content-hash": "03a990fa2d088c89afe4824d2d53e873", "packages": [ { "name": "bantu/ini-get-wrapper", 
@@ -402,6 +402,54 @@ "time": "2015-08-21 11:40:30" }, { + "name": "paragonie/random_compat", + "version": "v1.2.0", + "source": { + "type": "git", + "url": "https://github.com/paragonie/random_compat.git", + "reference": "b0e69d10852716b2ccbdff69c75c477637220790" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/paragonie/random_compat/zipball/b0e69d10852716b2ccbdff69c75c477637220790", + "reference": "b0e69d10852716b2ccbdff69c75c477637220790", + "shasum": "" + }, + "require": { + "php": ">=5.2.0" + }, + "require-dev": { + "phpunit/phpunit": "4.*|5.*" + }, + "suggest": { + "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes." + }, + "type": "library", + "autoload": { + "files": [ + "lib/random.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Paragon Initiative Enterprises", + "email": "security@paragonie.com", + "homepage": "https://paragonie.com" + } + ], + "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7", + "keywords": [ + "csprng", + "pseudorandom", + "random" + ], + "time": "2016-02-06 03:52:05" + }, + { "name": "patchwork/utf8", "version": "v1.1.31", "source": {
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 54ff51dda5..5125a601d6 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -93,25 +93,10 @@ function gen_rand_string_friendly($num_chars = 8)

 /**
 * Return unique id
-* @param string $extra additional entropy
 */
-function unique_id($extra = 'c')
+function unique_id()
 {
- static $dss_seeded = false;
- global $config;
-
- $val = $config['rand_seed'] . microtime();
- $val = md5($val);
- $config['rand_seed'] = md5($config['rand_seed'] . $val . $extra);
-
- if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))
- {
- $config->set('rand_seed_last_update', time(), false);
- $config->set('rand_seed', $config['rand_seed'], false);
- $dss_seeded = true;
- }
-
- return substr($val, 4, 16);
+ return bin2hex(random_bytes(6));
 }

 /** |
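Review bot: The new return line `return bin2hex(random_bytes(6));` yields 12 hex characters (48 random bits), whereas the removed `substr($val, 4, 16)` returned 16, so every caller now gets a shorter identifier with less margin against collisions and guessing. If unique_id() feeds anything that must be unguessable or is stored in a fixed-width field (callers are not visible in this hunk), `return bin2hex(random_bytes(8));` keeps the 16-character length and provides 64 random bits. random_bytes() throws when no suitable entropy source is available, which the previous implementation could not do, so the docblock should state the contract, e.g. `* @return string lowercase hex identifier` and `* @throws Exception if no CSPRNG source is available`. The `rand_seed` and `rand_seed_last_update` config entries appear to be unused after this change and may deserve a follow-up cleanup.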