Commit Graph

48 Commits

Author SHA1 Message Date
Nikolay Bachiyski
c512f8cbdd Docs: clarify inline docs for hash_equals
Before, the docs implied the complexity of the function was O(1) by using the term "constant time"; now we use the more descriptive term "Timing attack safe".

Props AramZS.
Fixes #32778.

Built from https://develop.svn.wordpress.org/trunk@35805


git-svn-id: http://core.svn.wordpress.org/trunk@35769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-06 22:04:51 +00:00
Dion Hulse
4852cbf14b Use PHP7's random_int() CSPRNG functionality in wp_rand() with a fallback to the random_compat library for PHP 5.x.
`random_compat` offers a set of compatible functions for older versions of PHP, filling in the gap by using other PHP extensions when available.
We still include our existing `wp_rand()` functionality as a fallback for when no proper CSPRNG exists on the system.

Take Two, this was previously committed in [34922] but had an issue on PHP 5.2 which sarciszewski has now resolved.

Props sarciszewski
See #28633

Built from https://develop.svn.wordpress.org/trunk@34981


git-svn-id: http://core.svn.wordpress.org/trunk@34946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-09 04:28:24 +00:00
Dion Hulse
bb8ba86ed1 Revert [34922] pending PHP 5.2 compatibility.
See #28633

Built from https://develop.svn.wordpress.org/trunk@34924


git-svn-id: http://core.svn.wordpress.org/trunk@34889 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 00:17:24 +00:00
Dion Hulse
0e322469a6 Use PHP7's random_int() CSPRNG functionality in wp_rand() with a fallback to the random_compat library for PHP 5.x.
`random_compat` offers a set of compatible functions for older versions of PHP, filling in the gap by using other PHP extensions when available.
We still include our existing `wp_rand()` functionality as a fallback for when no proper CSPRNG exists on the system.

Props sarciszewski
See #28633

Built from https://develop.svn.wordpress.org/trunk@34922


git-svn-id: http://core.svn.wordpress.org/trunk@34887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 00:02:24 +00:00
Scott Taylor
f8c3aca01c REST API: add JsonSerializable() compatibility interface for PHP <5.4 to compat.php
Props rmmcue.
See #33982.

Built from https://develop.svn.wordpress.org/trunk@34845


git-svn-id: http://core.svn.wordpress.org/trunk@34810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-06 02:56:24 +00:00
Scott Taylor
5a357a452f REST API: add json_last_error_msg() compatibility function for PHP <5.5 to compat.php
Props rmmcue.
See #33982.

Built from https://develop.svn.wordpress.org/trunk@34844


git-svn-id: http://core.svn.wordpress.org/trunk@34809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-06 02:45:26 +00:00
Scott Taylor
42d51a4f89 Add doc blocks to functions that are missing them.
If the function has no need for `@param` or `@return`, do an archaeological dig to find `@since`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32672


git-svn-id: http://core.svn.wordpress.org/trunk@32642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-31 03:18:25 +00:00
Scott Taylor
19a3aacc94 Add @static* annotations where they are missing.
Initialize all static vars that are not, most to `null`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32650


git-svn-id: http://core.svn.wordpress.org/trunk@32620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:43:29 +00:00
Gary Pendergast
364886a5be WPDB: When checking that a string can be sent to MySQL, we shouldn't use mb_convert_encoding(), as it behaves differently to MySQL's character encoding conversion.
Props mdawaffe, pento, nbachiyski, jorbin, johnjamesjacoby, jeremyfelt.

See #32165.


Built from https://develop.svn.wordpress.org/trunk@32364


git-svn-id: http://core.svn.wordpress.org/trunk@32335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 03:00:25 +00:00
Sergey Biryukov
b76cfbcdb4 Fix a copy/paste error in a comment.
see #31951.
Built from https://develop.svn.wordpress.org/trunk@32115


git-svn-id: http://core.svn.wordpress.org/trunk@32094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-11 23:20:25 +00:00
Andrew Ozz
f008aea0e1 Add mb_strlen() compatibility function. Works the same way as the existing mb_substr() compatibility function.
Props SergeyBiryukov. Fixes #31951.
Built from https://develop.svn.wordpress.org/trunk@32114


git-svn-id: http://core.svn.wordpress.org/trunk@32093 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-11 23:14:26 +00:00
Scott Taylor
fe6b5983df In PHP 5.0.0, is_a() became deprecated in favour of the instanceof operator. Calling is_a() would result in an E_STRICT warning.
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.

To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.

`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.

Props markoheijnen, wonderboymusic.
Fixes #25672.

Built from https://develop.svn.wordpress.org/trunk@31188


git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:06:24 +00:00
Mark Jaquith
45afcde640 Define JSON_PRETTY_PRINT so it can be used with wp_json_encode()
* `JSON_PRETTY_PRINT` was introduced in PHP 5.4
* Now you can use it with lower PHP versions, without a notice

fixes #30139
see #28786
Built from https://develop.svn.wordpress.org/trunk@30075


git-svn-id: http://core.svn.wordpress.org/trunk@30075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-28 21:13:22 +00:00
Andrew Nacin
7d672c38a4 Constant time for wp_verify_nonce().
Built from https://develop.svn.wordpress.org/trunk@29382


git-svn-id: http://core.svn.wordpress.org/trunk@29160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-06 05:26:16 +00:00
nacin
c8e85fcb81 Restore compat for json_decode and json_encode. fixes #18015 for trunk.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-06 23:33:05 +00:00
ryan
38e198f8f1 Resurrect hash_hmac() compat for hosts that --disable-hash. Props aaroncampbell. fixes #17647
git-svn-id: http://svn.automattic.com/wordpress/trunk@18111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-02 14:21:09 +00:00
markjaquith
86bc31ea2b Add mb_substr() back to compat.php (it is non-default). see #16918. props joostdevalk
git-svn-id: http://svn.automattic.com/wordpress/trunk@17621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-07 15:46:57 +00:00
markjaquith
613639762a Add _() back to compat.php (it is non-default). see #16918. props aaroncampbell
git-svn-id: http://svn.automattic.com/wordpress/trunk@17620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-07 15:46:48 +00:00
ryan
91dc365567 Take out unnecessary compat functions from compat.php. Props hakre, ptahdunbar. see #16918
git-svn-id: http://svn.automattic.com/wordpress/trunk@17603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-05 17:13:04 +00:00
dd32
f7e764312b Fix invalid paths in requires. See r14139. See #12594
git-svn-id: http://svn.automattic.com/wordpress/trunk@14151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-18 09:51:19 +00:00
nacin
6ec7cb4540 Use relative paths when including files, avoiding include_path. fixes #12594, props sorich87.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-18 06:14:45 +00:00
dd32
ceb1acf3f7 Implement the 2nd parameter of json_decode() for back-compat purposes. Returns an associative array instead of an object. For the recursive object handling, Props carbolineum. Fixes #11963
git-svn-id: http://svn.automattic.com/wordpress/trunk@13863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-28 04:42:44 +00:00
dd32
adb825f6d0 Implement the 2nd parameter of json_decode() for back-compat purposes. Returns an associative array instead of an object. Fixes #11963
git-svn-id: http://svn.automattic.com/wordpress/trunk@13862 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-28 04:35:42 +00:00
ryan
137705d20b Update json lib. Use encodeUnsafe in our json wrapper. Props nacin. fixes #11537 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@12491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-22 16:49:35 +00:00
westi
50a2f86dda Correct key padding and add support for raw_output in hash_hmac. Fixes #10284 props mdawaffe.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-12 22:03:14 +00:00
westi
b45dcf2df5 Make our hash_hmac compatibility function unit testable even when the real one exists. See #10284.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-12 08:26:44 +00:00
azaozz
1c161c23c2 Image editing (first run). Includes code by stephanreiter, see #10528
git-svn-id: http://svn.automattic.com/wordpress/trunk@11911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-10 22:07:33 +00:00
azaozz
a0467d5cda Add JSON compat for PHP < 5.2, props Viper007Bond, see #10337
git-svn-id: http://svn.automattic.com/wordpress/trunk@11875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-08-25 07:48:59 +00:00
ryan
ead9ed7938 Add compat for mb_substr rather than mb_strcut. fixes #9055
git-svn-id: http://svn.automattic.com/wordpress/trunk@10707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-04 22:05:49 +00:00
ryan
39edc65b53 Use right variable name. Props stringfold. fixes #9090 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@10543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-02-11 19:36:32 +00:00
azaozz
ec1ca2236f Latest version of the patch for refactor filters to avoid potential XSS attacks, props sambauers and DD32, see #8767
git-svn-id: http://svn.automattic.com/wordpress/trunk@10298 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-01-04 23:37:47 +00:00
azaozz
19848b9d90 Refactor filters to avoid potential XSS attacks, props sambauers and DD32, see #8767
git-svn-id: http://svn.automattic.com/wordpress/trunk@10297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-01-04 22:25:50 +00:00
azaozz
79eab52909 htmlspecialchars_decode() for php versions less than 5.1, props sivel, fixes #8679
git-svn-id: http://svn.automattic.com/wordpress/trunk@10236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-12-21 09:03:23 +00:00
ryan
6e181bb941 Multi-byte character safe excerpting from nbachiyski. fixes #6077
git-svn-id: http://svn.automattic.com/wordpress/trunk@7140 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-03-03 21:05:23 +00:00
ryan
d88983793b Trailing whitespace cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@6726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-02-05 06:47:27 +00:00
ryan
71c278e89d Remove PHP 4.2 and 4.3 back compat functions. Props DD32. fixes #5415
git-svn-id: http://svn.automattic.com/wordpress/trunk@6672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-01-28 20:15:20 +00:00
westi
0a7a447555 Add file level documentation for compat.php. Fixes #5510 props darkdragon.
git-svn-id: http://svn.automattic.com/wordpress/trunk@6485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-12-24 07:18:41 +00:00
westi
71b2207ea3 Ensure we don't call exif_read_data() on unsupported file types. Fixes #5397 props DD32
git-svn-id: http://svn.automattic.com/wordpress/trunk@6438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-12-20 22:18:28 +00:00
ryan
29ef8b6f5f New secure cookie protocol. see #5367
git-svn-id: http://svn.automattic.com/wordpress/trunk@6387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-12-16 17:41:59 +00:00
westi
3d04ae4f29 Refactor of wp-admin/includes/image.php. Fixes #5312, #4151, #4709, #5304 props DD32.
git-svn-id: http://svn.automattic.com/wordpress/trunk@6309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-11-03 18:33:19 +00:00
markjaquith
ba6e8f4a92 Actually, we always need to URLencode square brackets... or wp_redirect() will strip them out. see #4935. see #4878
git-svn-id: http://svn.automattic.com/wordpress/trunk@6070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-09-10 15:53:34 +00:00
markjaquith
51299852ef Forgot to use $lsb and $rsb in [6064]. Props mdawaffe. see #4935. see #4878
git-svn-id: http://svn.automattic.com/wordpress/trunk@6069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-09-10 15:34:13 +00:00
markjaquith
79c4324e01 Only urlencode previously existing values in add_query_arg() (more backwards compatible). fixes #4935. see #4084. see #4878
git-svn-id: http://svn.automattic.com/wordpress/trunk@6064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-09-08 14:27:24 +00:00
markjaquith
0906863d2c Preserve query string arrays in add_query_arg(). fixes #4878 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@5999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-09-01 03:41:50 +00:00
rob1n
4a5335aee6 Add stripos() for compatibility for PHP < 5. This will be needed for a patch later, I think.
git-svn-id: http://svn.automattic.com/wordpress/trunk@5187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-04-06 02:54:12 +00:00
ryan
9f534ebae6 Remove trailing spaces and convert spaces to tabs. Props Nazgul. fixes #986
git-svn-id: http://svn.automattic.com/wordpress/trunk@4495 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-11-19 07:56:05 +00:00
ryan
4b02c602d1 Move _() to compat.php
git-svn-id: http://svn.automattic.com/wordpress/trunk@3901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-06-22 19:45:49 +00:00
ryan
c93efa866e Include file renames. #2525
git-svn-id: http://svn.automattic.com/wordpress/trunk@3862 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-06-11 06:43:54 +00:00