[Git][codeigniterpower/codeigniterpower][master] Fix upcoming deprecation of mt_rand on newer php versions

1 view

Skip to first unread message

Герхард PICCORO Lenz McKAY (@mckaygerhard)

unread,

Mar 25, 2024, 2:26:57 PM3/25/24

to venenux...@googlegroups.com

Герхард PICCORO Lenz McKAY pushed to branch master at codeigniterpower / codeigniterpower

Commits:

3c9fcc86

by mckaygerhard at 2024-03-25T14:24:50-04:00

Fix upcoming deprecation of mt_rand on newer php versions

* provide a workaround function in code/Common like is_php does
* closes https://github.com/bcit-ci/CodeIgniter/issues/6275
* related to https://github.com/pocketarc/codeigniter/issues/3#issuecomment-2017024184

Changes:

appsys/core/Common.php


 	}
 }
 
+if ( ! function_exists('php_rand'))
+{
+	/**
+	 * implements internally the rand specific function based on PHP version, used internally
+	 *
+	 * @param	int or 0
+	 * @param	int or mt_getrandmax()
+	 * @return	int
+	 */
+	function php_rand($min = NULL, $max = NULL)
+	{
+		if(!is_int($min) $min = 0;
+		if(!is_int($max) $max = mt_getrandmax();
+
+		if( is_php('7.1.99') ) return random_int($min, $max);
+
+		if (!function_exists('mcrypt_create_iv')) trigger_error( 'mcrypt must be loaded for random_int to work', E_USER_WARNING );
+
+		return mt_rand($min, $max);
+	}
+}
+
 // ------------------------------------------------------------------------
 
 if ( ! function_exists('is_really_writable'))

 		 */
 		if (is_dir($file))
 		{
-			$file = rtrim($file, '/').'/'.md5(mt_rand());
+			$file = rtrim($file, '/').'/'.md5( is_php('8.3') ? random_int(PHP_INT_MIN, PHP_INT_MAX) : php_rand((mt_getrandmax()*-1),mt_getrandmax()));
 			if (($fp = @fopen($file, 'ab')) === FALSE)
 			{
 				return FALSE;

appsys/core/Security.php


 		{
 			$rand = $this->get_random_bytes(16);
 			$this->_xss_hash = ($rand === FALSE)
-				? md5(uniqid(mt_rand(), TRUE))
+				? md5(uniqid(is_php('8.3') ? mt_rand((mt_getrandmax()*-1),mt_getrandmax()) : random_int(PHP_INT_MIN, PHP_INT_MAX), TRUE))
 				: bin2hex($rand);
 		}
 

 
 			$rand = $this->get_random_bytes(16);
 			$this->_csrf_hash = ($rand === FALSE)
-				? md5(uniqid(mt_rand(), TRUE))
+				? md5(uniqid(is_php('8.3') ? mt_rand((mt_getrandmax()*-1),mt_getrandmax()) : random_int(PHP_INT_MIN, PHP_INT_MAX), TRUE))
 				: bin2hex($rand);
 		}
 

appsys/helpers/captcha_helper.php


 		{
 			for ($i = 0; $i < $word_length; $i++)
 			{
-				$word .= $pool[mt_rand(0, $rand_max)];
+				$word .= $pool[php_rand()];
 			}
 		}
 		elseif ( ! is_string($word))

 		// Determine angle and position
 		// -----------------------------------
 		$length	= strlen($word);
-		$angle	= ($length >= 6) ? mt_rand(-($length-6), ($length-6)) : 0;
-		$x_axis	= mt_rand(6, (360/$length)-16);
-		$y_axis = ($angle >= 0) ? mt_rand($img_height, $img_width) : mt_rand(6, $img_height);
+		$angrd  = is_php('8.3') ? php_rand(-($length-6), ($length-6)) : random_int(-($length-6), ($length-6));
+		$angle	= ($length >= 6) ? $angrd : 0;
+		$x_axis	= php_rand(6, (360/$length)-16);
+		$y_axis = ($angle >= 0) ? php_rand($img_height, $img_width) : php_rand(6, $img_height);
 
 		// Create image
 		// PHP.net recommends imagecreatetruecolor(), but it isn't always available

 		if ($use_font === FALSE)
 		{
 			($font_size > 5) && $font_size = 5;
-			$x = mt_rand(0, $img_width / ($length / 3));
+			$x = php_rand(0, $img_width / ($length / 3));
 			$y = 0;
 		}
 		else
 		{
 			($font_size > 30) && $font_size = 30;
-			$x = mt_rand(0, $img_width / ($length / 1.5));
+			$x = php_rand(0, $img_width / ($length / 1.5));
 			$y = $font_size + 2;
 		}
 

 		{
 			if ($use_font === FALSE)
 			{
-				$y = mt_rand(0 , $img_height / 2);
+				$y = php_rand(0 , $img_height / 2);
 				imagestring($im, $font_size, $x, $y, $word[$i], $colors['text']);
 				$x += ($font_size * 2);
 			}
 			else
 			{
-				$y = mt_rand($img_height / 2, $img_height - 3);
+				$y = php_rand($img_height / 2, $img_height - 3);
 				imagettftext($im, $font_size, $angle, $x, $y, $colors['text'], $font_path, $word[$i]);
 				$x += $font_size;
 			}

appsys/helpers/form_helper.php


 			}
 			else
 			{
-				$noise = mt_rand(-128, 127);
+				$noise = php_rand(-128, 127);
 			}
 
 			// Prepend if $noise has a negative value, append if positive, do nothing for zero

appsys/helpers/string_helper.php


 		switch ($type)
 		{
 			case 'basic':
-				return mt_rand();
+				return php_rand();
 			case 'alnum':
 			case 'numeric':
 			case 'nozero':

 				return substr(str_shuffle(str_repeat($pool, ceil($len / strlen($pool)))), 0, $len);
 			case 'unique': // todo: remove in 3.1+
 			case 'md5':
-				return md5(uniqid(mt_rand()));
+				return md5(uniqid(php_rand()));
 			case 'encrypt': // todo: remove in 3.1+
 			case 'sha1':
-				return sha1(uniqid(mt_rand(), TRUE));
+				return sha1(uniqid(php_rand(), TRUE));
 		}
 	}
 }

appsys/libraries/Upload.php


 	{
 		if ($this->encrypt_name === TRUE)
 		{
-			$filename = md5(uniqid(mt_rand())).$this->file_ext;
+			$filename = md5(uniqid(php_rand())).$this->file_ext;
 		}
 
 		if ($this->overwrite === TRUE OR ! file_exists($path.$filename))

—
View it on GitLab.
You're receiving this email because of your account on gitlab.com. Manage all notifications · Help

Герхард PICCORO Lenz McKAY (@mckaygerhard)

unread,

Mar 25, 2024, 2:36:14 PM3/25/24

to venenux...@googlegroups.com

Герхард PICCORO Lenz McKAY pushed to branch codeigniter2 at codeigniterpower / codeigniterpower

Commits:

67f7eb99
by mckaygerhard at 2024-03-25T14:36:36-04:00

Fix upcoming deprecation of mt_rand on newer php versions

* provide a workaround function in code/Common like is_php does
* closes https://github.com/bcit-ci/CodeIgniter/issues/6275
* related to https://github.com/pocketarc/codeigniter/issues/3#issuecomment-2017024184

7 changed files:

appsys/core/Common.php
appsys/core/Security.php
appsys/helpers/captcha_helper.php
appsys/helpers/string_helper.php
appsys/libraries/Encrypt.php
appsys/libraries/Session.php
appsys/libraries/Upload.php

Changes:

appsys/core/Common.php

...	...	@@ -57,6 +57,38 @@ if ( ! function_exists('is_php'))
57	57
58	58	// ------------------------------------------------------------------------
59	59
	60	+/**
	61

+ * implements internally the rand specific function based on PHP version, used internally

62
+ *
63
+ * @access public
64

+ * @param int or 0

+ * @param int or mt_getrandmax()

66
+ * @return int
67
+ */
68

+if ( ! function_exists('php_rand'))

69
+{
70
+ /**
71

+	 * implements internally the rand specific function based on PHP version, used internally

72
+ *
73

+ * @param int or 0

+ * @param int or mt_getrandmax()

75
+ * @return int
76
+ */
77

+	function php_rand($min = NULL, $max = NULL)

78
+ {
79

+ if(!is_int($min) $min = 0;

+		if(!is_int($max) $max = mt_getrandmax();

81
+
82

+		if( is_php('7.1.99') ) return random_int($min, $max);

83
+
84

+		if (!function_exists('mcrypt_create_iv')) trigger_error( 'mcrypt must be loaded for random_int to work', E_USER_WARNING );

	85	+
	86	+ return mt_rand($min, $max);
	87	+ }
	88	+}
	89	+
	90	+// ------------------------------------------------------------------------
	91	+
60	92	/**
61	93	* Tests for file writability
62	94	*

appsys/core/Security.php


 		if ($this->_xss_hash == '')
 		{
 			mt_srand();
-			$this->_xss_hash = md5(time() + mt_rand(0, 1999999999));
+			$this->_xss_hash = md5(time() + php_rand(0, 1999999999));
 		}
 
 		return $this->_xss_hash;

appsys/helpers/captcha_helper.php
... ... @@ -187,7 +187,7 @@ if ( ! function_exists('create_captcha'))
187

187
{
188 188

 			for ($i = 0; $i < $word_length; $i++)

189

189
{
190

-				$word .= $pool[mt_rand(0, $rand_max)];

	190	+ $word .= $pool[php_rand(0, $rand_max)];
191	191	}
192	192	}
193	193	elseif ( ! is_string($word))

appsys/helpers/string_helper.php


 	{
 		switch($type)
 		{
-			case 'basic'	: return mt_rand();
+			case 'basic'	: return php_rand();
 				break;
 			case 'alnum'	:
 			case 'numeric'	:

 					$str = '';
 					for ($i=0; $i < $len; $i++)
 					{
-						$str .= substr($pool, mt_rand(0, strlen($pool) -1), 1);
+						$str .= substr($pool, php_rand(0, strlen($pool) -1), 1);
 					}
 					return $str;
 				break;
 			case 'unique'	:
 			case 'md5'		:
 
-						return md5(uniqid(mt_rand()));
+						return md5(uniqid(php_rand()));
 				break;
 			case 'encrypt'	:
 			case 'sha1'	:

 						$CI =& get_instance();
 						$CI->load->helper('security');
 
-						return do_hash(uniqid(mt_rand(), TRUE), 'sha1');
+						return do_hash(uniqid(php_rand(), TRUE), 'sha1');
 				break;
 		}
 	}

appsys/libraries/Encrypt.php


 		$rand = '';
 		while (strlen($rand) < 32)
 		{
-			$rand .= mt_rand(0, mt_getrandmax());
+			$rand .= php_rand(0, mt_getrandmax());
 		}
 
 		$rand = $this->hash($rand);

appsys/libraries/Session.php


 		$sessid = '';
 		while (strlen($sessid) < 32)
 		{
-			$sessid .= mt_rand(0, mt_getrandmax());
+			$sessid .= php_rand(0, mt_getrandmax());
 		}
 
 		// To make the session ID even more secure we'll combine it with the user's IP

 		$new_sessid = '';
 		while (strlen($new_sessid) < 32)
 		{
-			$new_sessid .= mt_rand(0, mt_getrandmax());
+			$new_sessid .= php_rand(0, mt_getrandmax());
 		}
 
 		// To make the session ID even more secure we'll combine it with the user's IP

appsys/libraries/Upload.php
... ... @@ -397,7 +397,7 @@ class CI_Upload {
397

397
if ($this->encrypt_name == TRUE)
398

398
{
399

399
mt_srand();
400

-			$filename = md5(uniqid(mt_rand())).$this->file_ext;

+			$filename = md5(uniqid(php_rand())).$this->file_ext;

401	401	}
402	402
403	403	if ( ! file_exists($path.$filename)) // if ($this->overwrite === TRUE OR ! file_exists($path.$filename)) // permite que asigne nombre nuevo no importa si esta permitido

Reply all

Reply to author

Forward

0 new messages

...	...	@@ -612,7 +612,7 @@ class CI_Security {
612	612	{
613	613	$rand = $this->get_random_bytes(16);
614	614	$this->_xss_hash = ($rand === FALSE)
615		- ? md5(uniqid(mt_rand(), TRUE))
	615	+ ? md5(uniqid(is_php('8.3') ? mt_rand((mt_getrandmax()*-1),mt_getrandmax()) : random_int(PHP_INT_MIN, PHP_INT_MAX), TRUE))
616	616	: bin2hex($rand);
617	617	}
618	618
...	...	@@ -1101,7 +1101,7 @@ class CI_Security {
1101	1101
1102	1102	$rand = $this->get_random_bytes(16);
1103	1103	$this->_csrf_hash = ($rand === FALSE)
1104		- ? md5(uniqid(mt_rand(), TRUE))
	1104	+ ? md5(uniqid(is_php('8.3') ? mt_rand((mt_getrandmax()*-1),mt_getrandmax()) : random_int(PHP_INT_MIN, PHP_INT_MAX), TRUE))
1105	1105	: bin2hex($rand);
1106	1106	}
1107	1107

...	...	@@ -227,7 +227,7 @@ if ( ! function_exists('create_captcha'))
227	227	{
228	228	for ($i = 0; $i < $word_length; $i++)
229	229	{
230		- $word .= $pool[mt_rand(0, $rand_max)];
	230	+ $word .= $pool[php_rand()];
231	231	}
232	232	}
233	233	elseif ( ! is_string($word))
...	...	@@ -239,9 +239,10 @@ if ( ! function_exists('create_captcha'))
239	239	// Determine angle and position
240	240	// -----------------------------------
241	241	$length = strlen($word);
242		- $angle = ($length >= 6) ? mt_rand(-($length-6), ($length-6)) : 0;
243		- $x_axis = mt_rand(6, (360/$length)-16);
244		- $y_axis = ($angle >= 0) ? mt_rand($img_height, $img_width) : mt_rand(6, $img_height);
	242	+ $angrd = is_php('8.3') ? php_rand(-($length-6), ($length-6)) : random_int(-($length-6), ($length-6));
	243	+ $angle = ($length >= 6) ? $angrd : 0;
	244	+ $x_axis = php_rand(6, (360/$length)-16);
	245	+ $y_axis = ($angle >= 0) ? php_rand($img_height, $img_width) : php_rand(6, $img_height);
245	246
246	247	// Create image
247	248	// PHP.net recommends imagecreatetruecolor(), but it isn't always available
...	...	@@ -296,13 +297,13 @@ if ( ! function_exists('create_captcha'))
296	297	if ($use_font === FALSE)
297	298	{
298	299	($font_size > 5) && $font_size = 5;
299		- $x = mt_rand(0, $img_width / ($length / 3));
	300	+ $x = php_rand(0, $img_width / ($length / 3));
300	301	$y = 0;
301	302	}
302	303	else
303	304	{
304	305	($font_size > 30) && $font_size = 30;
305		- $x = mt_rand(0, $img_width / ($length / 1.5));
	306	+ $x = php_rand(0, $img_width / ($length / 1.5));
306	307	$y = $font_size + 2;
307	308	}
308	309
...	...	@@ -310,13 +311,13 @@ if ( ! function_exists('create_captcha'))
310	311	{
311	312	if ($use_font === FALSE)
312	313	{
313		- $y = mt_rand(0 , $img_height / 2);
	314	+ $y = php_rand(0 , $img_height / 2);
314	315	imagestring($im, $font_size, $x, $y, $word[$i], $colors['text']);
315	316	$x += ($font_size * 2);
316	317	}
317	318	else
318	319	{
319		- $y = mt_rand($img_height / 2, $img_height - 3);
	320	+ $y = php_rand($img_height / 2, $img_height - 3);
320	321	imagettftext($im, $font_size, $angle, $x, $y, $colors['text'], $font_path, $word[$i]);
321	322	$x += $font_size;
322	323	}

...	...	@@ -110,7 +110,7 @@ if ( ! function_exists('form_open'))
110	110	}
111	111	else
112	112	{
113		- $noise = mt_rand(-128, 127);
	113	+ $noise = php_rand(-128, 127);
114	114	}
115	115
116	116	// Prepend if $noise has a negative value, append if positive, do nothing for zero

...	...	@@ -207,7 +207,7 @@ if ( ! function_exists('random_string'))
207	207	switch ($type)
208	208	{
209	209	case 'basic':
210		- return mt_rand();
	210	+ return php_rand();
211	211	case 'alnum':
212	212	case 'numeric':
213	213	case 'nozero':
...	...	@@ -230,10 +230,10 @@ if ( ! function_exists('random_string'))
230	230	return substr(str_shuffle(str_repeat($pool, ceil($len / strlen($pool)))), 0, $len);
231	231	case 'unique': // todo: remove in 3.1+
232	232	case 'md5':
233		- return md5(uniqid(mt_rand()));
	233	+ return md5(uniqid(php_rand()));
234	234	case 'encrypt': // todo: remove in 3.1+
235	235	case 'sha1':
236		- return sha1(uniqid(mt_rand(), TRUE));
	236	+ return sha1(uniqid(php_rand(), TRUE));
237	237	}
238	238	}
239	239	}

...	...	@@ -654,7 +654,7 @@ class CI_Upload {
654	654	{
655	655	if ($this->encrypt_name === TRUE)
656	656	{
657		- $filename = md5(uniqid(mt_rand())).$this->file_ext;
	657	+ $filename = md5(uniqid(php_rand())).$this->file_ext;
658	658	}
659	659
660	660	if ($this->overwrite === TRUE OR ! file_exists($path.$filename))

...	...	@@ -74,6 +74,28 @@ if ( ! function_exists('is_php'))
74	74	}
75	75	}
76	76
	77	+if ( ! function_exists('php_rand'))
	78	+{
	79	+ /**
	80	+ * implements internally the rand specific function based on PHP version, used internally
	81	+ *
	82	+ * @param int or 0
	83	+ * @param int or mt_getrandmax()
	84	+ * @return int
	85	+ */
	86	+ function php_rand($min = NULL, $max = NULL)
	87	+ {
	88	+ if(!is_int($min) $min = 0;
	89	+ if(!is_int($max) $max = mt_getrandmax();
	90	+
	91	+ if( is_php('7.1.99') ) return random_int($min, $max);
	92	+
	93	+ if (!function_exists('mcrypt_create_iv')) trigger_error( 'mcrypt must be loaded for random_int to work', E_USER_WARNING );
	94	+
	95	+ return mt_rand($min, $max);
	96	+ }
	97	+}
	98	+
77	99	// ------------------------------------------------------------------------
78	100
79	101	if ( ! function_exists('is_really_writable'))
...	...	@@ -102,7 +124,7 @@ if ( ! function_exists('is_really_writable'))
102	124	*/
103	125	if (is_dir($file))
104	126	{
105		- $file = rtrim($file, '/').'/'.md5(mt_rand());
	127	+ $file = rtrim($file, '/').'/'.md5( is_php('8.3') ? random_int(PHP_INT_MIN, PHP_INT_MAX) : php_rand((mt_getrandmax()*-1),mt_getrandmax()));
106	128	if (($fp = @fopen($file, 'ab')) === FALSE)
107	129	{
108	130	return FALSE;

...	...	@@ -488,7 +488,7 @@ class CI_Security {
488	488	if ($this->_xss_hash == '')
489	489	{
490	490	mt_srand();
491		- $this->_xss_hash = md5(time() + mt_rand(0, 1999999999));
	491	+ $this->_xss_hash = md5(time() + php_rand(0, 1999999999));
492	492	}
493	493
494	494	return $this->_xss_hash;

...	...	@@ -187,7 +187,7 @@ if ( ! function_exists('create_captcha'))
187	187	{
188	188

...	...	@@ -197,7 +197,7 @@ if ( ! function_exists('random_string'))
197	197	{
198	198	switch($type)
199	199	{
200		- case 'basic' : return mt_rand();
	200	+ case 'basic' : return php_rand();
201	201	break;
202	202	case 'alnum' :
203	203	case 'numeric' :
...	...	@@ -219,14 +219,14 @@ if ( ! function_exists('random_string'))
219	219	$str = '';
220	220	for ($i=0; $i < $len; $i++)
221	221	{
222		- $str .= substr($pool, mt_rand(0, strlen($pool) -1), 1);
	222	+ $str .= substr($pool, php_rand(0, strlen($pool) -1), 1);
223	223	}
224	224	return $str;
225	225	break;
226	226	case 'unique' :
227	227	case 'md5' :
228	228
229		- return md5(uniqid(mt_rand()));
	229	+ return md5(uniqid(php_rand()));
230	230	break;
231	231	case 'encrypt' :
232	232	case 'sha1' :
...	...	@@ -234,7 +234,7 @@ if ( ! function_exists('random_string'))
234	234	$CI =& get_instance();
235	235	$CI->load->helper('security');
236	236
237		- return do_hash(uniqid(mt_rand(), TRUE), 'sha1');
	237	+ return do_hash(uniqid(php_rand(), TRUE), 'sha1');
238	238	break;
239	239	}
240	240	}

...	...	@@ -247,7 +247,7 @@ class CI_Encrypt {
247	247	$rand = '';
248	248	while (strlen($rand) < 32)
249	249	{
250		- $rand .= mt_rand(0, mt_getrandmax());
	250	+ $rand .= php_rand(0, mt_getrandmax());
251	251	}
252	252
253	253	$rand = $this->hash($rand);

...	...	@@ -328,7 +328,7 @@ class CI_Session {
328	328	$sessid = '';
329	329	while (strlen($sessid) < 32)
330	330	{
331		- $sessid .= mt_rand(0, mt_getrandmax());
	331	+ $sessid .= php_rand(0, mt_getrandmax());
332	332	}
333	333
334	334	// To make the session ID even more secure we'll combine it with the user's IP
...	...	@@ -375,7 +375,7 @@ class CI_Session {
375	375	$new_sessid = '';
376	376	while (strlen($new_sessid) < 32)
377	377	{
378		- $new_sessid .= mt_rand(0, mt_getrandmax());
	378	+ $new_sessid .= php_rand(0, mt_getrandmax());
379	379	}
380	380
381	381	// To make the session ID even more secure we'll combine it with the user's IP

...	...	@@ -397,7 +397,7 @@ class CI_Upload {
397	397	if ($this->encrypt_name == TRUE)
398	398	{
399	399	mt_srand();
400

	62	+ *
	63	+ * @access public
	64

189	189	{
190