From 60965cc4a51e3abd0fcd5c21b6759114f95f20e6 Mon Sep 17 00:00:00 2001
From: Dion Hulse
Date: Tue, 22 Dec 2015 03:23:24 +0000
Subject: [PATCH] Update random_compat to latest
Changes:
* Checks `disable_classes` for `COM()` before using to avoid PHP Warnings
* Uses `stream_set_chunk_size()` to avoid reading 8KiB from `/dev/urandom` unintentionally.
Merges [35922] to the 4.4 branch. Fixes #34948.
Built from https://develop.svn.wordpress.org/branches/4.4@36058
git-svn-id: http://core.svn.wordpress.org/branches/4.4@36023 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/random_compat/random.php | 22 ++++++++++------
 .../random_bytes_dev_urandom.php | 25 +++++++++++--------
 wp-includes/version.php | 2 +-
 3 files changed, 31 insertions(+), 18 deletions(-)
diff --git a/wp-includes/random_compat/random.php b/wp-includes/random_compat/random.php
index d1f7555afa..8898a35bcd 100644
--- a/wp-includes/random_compat/random.php
+++ b/wp-includes/random_compat/random.php
@@ -90,15 +90,23 @@ if (PHP_VERSION_ID < 70000) {
 extension_loaded('com_dotnet') &&
 class_exists('COM')
 ) {
- try {
- $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
- if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
- // See random_bytes_com_dotnet.php
- require_once $RandomCompatDIR.'/random_bytes_com_dotnet.php';
+ $RandomCompat_disabled_classes = preg_split(
+ '#\s*,\s*#',
+ strtolower(ini_get('disable_classes'))
+ );
+
+ if (!in_array('com', $RandomCompat_disabled_classes)) {
+ try {
+ $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
+ if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
+ // See random_bytes_com_dotnet.php
+ require_once $RandomCompatDIR.'/random_bytes_com_dotnet.php';
+ }
+ } catch (com_exception $e) {
+ // Don't try to use it.
 }
- } catch (com_exception $e) {
- // Don't try to use it.
 }
+ $RandomCompat_disabled_classes = null;
 $RandomCompatCOMtest = null;
 }
 if (
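Review bot: The new `disable_classes` parsing splits only on commas, so an entry with leading or trailing whitespace, or a list separated by spaces (which PHP itself appears to accept as a delimiter for this directive), never yields a bare `'com'` and the guarded `new COM(...)` still runs and emits the warning this change is meant to avoid. Trimming and splitting on either separator closes that gap: `preg_split('#[\s,]+#', strtolower(trim((string) ini_get('disable_classes'))), -1, PREG_SPLIT_NO_EMPTY)`. The membership test would also read more safely as `in_array('com', $RandomCompat_disabled_classes, true)`. The enclosing `if (PHP_VERSION_ID < 70000) {` block and the surrounding `if (` condition start outside this hunk, so the rest of the source-selection order could not be checked here.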
diff --git a/wp-includes/random_compat/random_bytes_dev_urandom.php b/wp-includes/random_compat/random_bytes_dev_urandom.php
index aebcafcf7d..5d07104b3f 100644
--- a/wp-includes/random_compat/random_bytes_dev_urandom.php
+++ b/wp-includes/random_compat/random_bytes_dev_urandom.php
@@ -62,16 +62,21 @@ function random_bytes($bytes)
 $fp = false;
 }
 }
- /**
- * stream_set_read_buffer() does not exist in HHVM
- *
- * If we don't set the stream's read buffer to 0, PHP will
- * internally buffer 8192 bytes, which can waste entropy
- *
- * stream_set_read_buffer returns 0 on success
- */
- if (!empty($fp) && function_exists('stream_set_read_buffer')) {
- stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
+ if (!empty($fp)) {
+ /**
+ * stream_set_read_buffer() does not exist in HHVM
+ *
+ * If we don't set the stream's read buffer to 0, PHP will
+ * internally buffer 8192 bytes, which can waste entropy
+ *
+ * stream_set_read_buffer returns 0 on success
+ */
+ if (function_exists('stream_set_read_buffer')) {
+ stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
+ }
+ if (function_exists('stream_set_chunk_size')) {
+ stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
+ }
 }
 }
 try {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 56a808c396..6318c9be76 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.4.1-alpha-36057';
+$wp_version = '4.4.1-alpha-36058';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
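Review bot: In the `random_bytes_dev_urandom.php` hunk the relocated docblock still describes only `stream_set_read_buffer()`, so the new `stream_set_chunk_size()` call is undocumented. The comment also speaks of setting the buffer "to 0" while both calls pass `RANDOM_COMPAT_READ_BUFFER`, which is defined outside this hunk. Since `stream_set_chunk_size()` needs a positive size, the comment should state the constant's real value and why it is shared. A line such as `// The stream layer still reads in 8192-byte chunks even with a small read buffer; shrink the chunk size so only the requested bytes are pulled from /dev/urandom` above the second call would cover it. Both return values are ignored, which looks acceptable because a failure only causes a larger read rather than weaker output, but the comment should say so. `random_bytes()` begins and ends outside the hunk, so how short reads are handled afterwards could not be checked here.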