Bug #22369 » 13989_4-2_v3.diff
t3lib/class.t3lib_div.php (working copy) | ||
---|---|---|
if (TYPO3_OS != 'WIN' && ($fh = @fopen('/dev/urandom', 'rb'))) {
|
||
$output = fread($fh, $count);
|
||
fclose($fh);
|
||
} elseif (TYPO3_OS == 'WIN') {
|
||
if (version_compare(PHP_VERSION, '5.0.0', '>=') && class_exists('COM')) {
|
||
try {
|
||
$com = new COM('CAPICOM.Utilities.1');
|
||
$output = base64_decode($com->GetRandom($count, 0));
|
||
} catch(Exception $e) {
|
||
// CAPICOM not installed
|
||
}
|
||
} elseif (version_compare(PHP_VERSION, '5.3.0', '>=')) {
|
||
if (function_exists('mcrypt_create_iv')) {
|
||
$output = mcrypt_create_iv($count, MCRYPT_DEV_URANDOM);
|
||
} elseif (function_exists('openssl_random_pseudo_bytes')) {
|
||
$isStrong = null;
|
||
$output = openssl_random_pseudo_bytes($count, $isStrong);
|
||
// skip ssl since it wasn't using the strong algo
|
||
if ($isStrong !== TRUE) {
|
||
$output = '';
|
||
}
|
||
}
|
||
}
|
||
}
|
||
// fallback if /dev/urandom is not available
|
||
// fallback if other random byte generation failed until now
|
||
if (!isset($output{$count - 1})) {
|
||
// We initialize with the somewhat random.
|
||
$randomState = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']
|
||
. microtime() . getmypid();
|
||
. base_convert(memory_get_usage() % pow(10,6), 10, 2)
|
||
. microtime() . uniqid('') . getmypid();
|
||
while (!isset($output{$count - 1})) {
|
||
$randomState = md5(microtime() . mt_rand() . $randomState);
|
||
$output .= md5(mt_rand() . $randomState, true);
|
||
$randomState = sha1(microtime() . mt_rand() . $randomState);
|
||
$output .= sha1(mt_rand() . $randomState, true);
|
||
}
|
||
$output = substr($output, strlen($output) - $count, $count);
|
||
}
|
||
... | ... | |
}
|
||
/**
|
||
* Returns a hex representation of a random byte string.
|
||
*
|
||
* @param integer Number of hex characters to return
|
||
* @return string Random Bytes
|
||
*/
|
||
public static function getRandomHexString($count)
|
||
{
|
||
return substr(bin2hex(self::generateRandomBytes(intval(($count + 1) / 2))), 0, $count);
|
||
}
|
||
/**
|
||
* Checks if a given string is a Uniform Resource Locator (URL).
|
||
*
|
||
* @param string $url: The URL to be validated
|