Bug #22369 » 13989_4-1_v1.diff

Administrator Admin, 2010-04-02 12:37

t3lib/class.t3lib_div.php (Arbeitskopie)
if (TYPO3_OS != 'WIN' && ($fh = @fopen('/dev/urandom', 'rb'))) {
$output = fread($fh, $count);
fclose($fh);
} elseif (TYPO3_OS == 'WIN' && function_exists('mcrypt_create_iv') && version_compare(PHP_VERSION, '5.3.0', '>=')) {
$output = mcrypt_create_iv($count, MCRYPT_DEV_URANDOM);
} elseif (TYPO3_OS == 'WIN' && version_compare(PHP_VERSION, '5.3.0', '>=') && function_exists('openssl_random_pseudo_bytes')) {
$isStrong = null;
$output = openssl_random_pseudo_bytes($count, $isStrong);
}
// fallback if /dev/urandom is not available
if (!isset($output{$count - 1})) {
// We initialize with the somewhat random.
$randomState = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']
. microtime() . getmypid();
$randomState = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'];
if (version_compare(PHP_VERSION, '4.3.2', '>=') && function_exists('memory_get_usage')) {
$randomState .= base_convert(memory_get_usage() % pow(10,6), 10, 2);
}
$randomState .= microtime() . getmypid();
while (!isset($output{$count - 1})) {
$randomState = md5(microtime() . mt_rand() . $randomState);
// Fix: Work around PHP4 allowing only one parameter to md5()
// $output .= md5(mt_rand() . $randomState, true);
$output .= pack('H*', md5(mt_rand() . $randomState));
$randomState = sha1(microtime() . mt_rand() . $randomState);
// Fix: Work around PHP4 allowing only one parameter to sha1()
// $output .= sha1(mt_rand() . $randomState, true);
$output .= pack('H*', sha1(mt_rand() . $randomState));
}
$output = substr($output, strlen($output) - $count, $count);
}
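Review bot: The `$isStrong` flag passed to `openssl_random_pseudo_bytes()` in the second Windows branch is never read, so a result that OpenSSL reports as not cryptographically strong is returned like any other. The fallback loop below it derives its bytes only from `microtime()`, `getmypid()`, `mt_rand()` and the encryption key, and the class.t3lib_userauth.php section appears to use this output for session ids, yet nothing records that the weaker path was taken. I would log a warning when `$isStrong !== TRUE` or when the fallback is entered, and put a comment above the loop such as `// Not a CSPRNG: inputs are guessable, unpredictability rests on encryptionKey alone`. The +/- markers are lost on this page, so which of the duplicated lines belong to the new side is inferred. The enclosing function starts and ends outside the section.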
t3lib/class.t3lib_userauth.php (Arbeitskopie)
// If new session or client tries to fix session...
if (!$id || !$this->isExistingSessionRecord($id)) {
// New random session-$id is made
$id = substr(md5(uniqid('').getmypid()),0,$this->hash_length);
$id = substr(bin2hex(t3lib_div::generateRandomBytes(($this->hash_length + 1) / 2)), 0, $this->hash_length);
// New session
$this->newSessionID = TRUE;
}
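Review bot: `($this->hash_length + 1) / 2` evaluates to a float whenever `hash_length` is even (16.5 for a length of 32), so the byte count handed to `generateRandomBytes()` relies on implicit truncation in `fread()`, in the `isset($output{$count - 1})` offset check and in `substr()`. Casting at the call site makes the intent explicit: `intval(($this->hash_length + 1) / 2)`. The value of `hash_length` is not visible in this section, and which of the two `$id = ...` lines is the new one is inferred from the call to `generateRandomBytes()`, since the markers are lost. The enclosing method continues outside the section.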