Browse Source

updating random_compat library to 2.0.15 (not upgrading identicon, would raise PHP requirements to 5.5)

El RIDO 11 months ago
parent
commit
fd6c18e573

+ 1 - 1
composer.json

@@ -13,7 +13,7 @@
     },
     "require": {
         "php": "^5.4.0 || ^7.0",
-        "paragonie/random_compat": "2.0.4",
+        "paragonie/random_compat": "2.0.15",
         "yzalis/identicon": "1.1.0"
     },
     "require-dev": {

+ 1 - 1
vendor/autoload.php

@@ -2,6 +2,6 @@
 
 // autoload.php @generated by Composer
 
-require_once __DIR__ . '/composer' . '/autoload_real.php';
+require_once __DIR__ . '/composer/autoload_real.php';
 
 return ComposerAutoloaderInitDontChange::getLoader();

+ 46 - 14
vendor/composer/ClassLoader.php

@@ -53,8 +53,9 @@ class ClassLoader
 
     private $useIncludePath = false;
     private $classMap = array();
-
     private $classMapAuthoritative = false;
+    private $missingClasses = array();
+    private $apcuPrefix;
 
     public function getPrefixes()
     {
@@ -272,6 +273,26 @@ class ClassLoader
     }
 
     /**
+     * APCu prefix to use to cache found/not-found classes, if the extension is enabled.
+     *
+     * @param string|null $apcuPrefix
+     */
+    public function setApcuPrefix($apcuPrefix)
+    {
+        $this->apcuPrefix = function_exists('apcu_fetch') && ini_get('apc.enabled') ? $apcuPrefix : null;
+    }
+
+    /**
+     * The APCu prefix in use, or null if APCu caching is not enabled.
+     *
+     * @return string|null
+     */
+    public function getApcuPrefix()
+    {
+        return $this->apcuPrefix;
+    }
+
+    /**
      * Registers this instance as an autoloader.
      *
      * @param bool $prepend Whether to prepend the autoloader or not
@@ -313,29 +334,34 @@ class ClassLoader
      */
     public function findFile($class)
     {
-        // work around for PHP 5.3.0 - 5.3.2 https://bugs.php.net/50731
-        if ('\\' == $class[0]) {
-            $class = substr($class, 1);
-        }
-
         // class map lookup
         if (isset($this->classMap[$class])) {
             return $this->classMap[$class];
         }
-        if ($this->classMapAuthoritative) {
+        if ($this->classMapAuthoritative || isset($this->missingClasses[$class])) {
             return false;
         }
+        if (null !== $this->apcuPrefix) {
+            $file = apcu_fetch($this->apcuPrefix.$class, $hit);
+            if ($hit) {
+                return $file;
+            }
+        }
 
         $file = $this->findFileWithExtension($class, '.php');
 
         // Search for Hack files if we are running on HHVM
-        if ($file === null && defined('HHVM_VERSION')) {
+        if (false === $file && defined('HHVM_VERSION')) {
             $file = $this->findFileWithExtension($class, '.hh');
         }
 
-        if ($file === null) {
+        if (null !== $this->apcuPrefix) {
+            apcu_add($this->apcuPrefix.$class, $file);
+        }
+
+        if (false === $file) {
             // Remember that this class does not exist.
-            return $this->classMap[$class] = false;
+            $this->missingClasses[$class] = true;
         }
 
         return $file;
@@ -348,10 +374,14 @@ class ClassLoader
 
         $first = $class[0];
         if (isset($this->prefixLengthsPsr4[$first])) {
-            foreach ($this->prefixLengthsPsr4[$first] as $prefix => $length) {
-                if (0 === strpos($class, $prefix)) {
-                    foreach ($this->prefixDirsPsr4[$prefix] as $dir) {
-                        if (file_exists($file = $dir . DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $length))) {
+            $subPath = $class;
+            while (false !== $lastPos = strrpos($subPath, '\\')) {
+                $subPath = substr($subPath, 0, $lastPos);
+                $search = $subPath.'\\';
+                if (isset($this->prefixDirsPsr4[$search])) {
+                    $pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1);
+                    foreach ($this->prefixDirsPsr4[$search] as $dir) {
+                        if (file_exists($file = $dir . $pathEnd)) {
                             return $file;
                         }
                     }
@@ -399,6 +429,8 @@ class ClassLoader
         if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) {
             return $file;
         }
+
+        return false;
     }
 }
 

+ 1 - 1
vendor/composer/autoload_real.php

@@ -23,7 +23,7 @@ class ComposerAutoloaderInitDontChange
         self::$loader = $loader = new \Composer\Autoload\ClassLoader();
         spl_autoload_unregister(array('ComposerAutoloaderInitDontChange', 'loadClassLoader'));
 
-        $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION');
+        $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
         if ($useStaticLoader) {
             require_once __DIR__ . '/autoload_static.php';
 

+ 8 - 8
vendor/paragonie/random_compat/lib/byte_safe_strings.php

@@ -5,7 +5,7 @@
  *
  * The MIT License (MIT)
  *
- * Copyright (c) 2015 - 2016 Paragon Initiative Enterprises
+ * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -51,7 +51,7 @@ if (!is_callable('RandomCompat_strlen')) {
                 );
             }
 
-            return mb_strlen($binary_string, '8bit');
+            return (int) mb_strlen($binary_string, '8bit');
         }
 
     } else {
@@ -73,7 +73,7 @@ if (!is_callable('RandomCompat_strlen')) {
                     'RandomCompat_strlen() expects a string'
                 );
             }
-            return strlen($binary_string);
+            return (int) strlen($binary_string);
         }
     }
 }
@@ -118,7 +118,7 @@ if (!is_callable('RandomCompat_substr')) {
                  * mb_substr($str, 0, NULL, '8bit') returns an empty string on
                  * PHP 5.3, so we have to find the length ourselves.
                  */
-                $length = RandomCompat_strlen($length) - $start;
+                $length = RandomCompat_strlen($binary_string) - $start;
             } elseif (!is_int($length)) {
                 throw new TypeError(
                     'RandomCompat_substr(): Third argument should be an integer, or omitted'
@@ -130,10 +130,10 @@ if (!is_callable('RandomCompat_substr')) {
                 return '';
             }
             if ($start > RandomCompat_strlen($binary_string)) {
-                return false;
+                return '';
             }
 
-            return mb_substr($binary_string, $start, $length, '8bit');
+            return (string) mb_substr($binary_string, $start, $length, '8bit');
         }
 
     } else {
@@ -172,10 +172,10 @@ if (!is_callable('RandomCompat_substr')) {
                     );
                 }
 
-                return substr($binary_string, $start, $length);
+                return (string) substr($binary_string, $start, $length);
             }
 
-            return substr($binary_string, $start);
+            return (string) substr($binary_string, $start);
         }
     }
 }

+ 14 - 10
vendor/paragonie/random_compat/lib/cast_to_int.php

@@ -5,7 +5,7 @@
  *
  * The MIT License (MIT)
  *
- * Copyright (c) 2015 - 2016 Paragon Initiative Enterprises
+ * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -38,15 +38,18 @@ if (!is_callable('RandomCompat_intval')) {
      * through.
      * 
      * @param int|float $number    The number we want to convert to an int
-     * @param boolean   $fail_open Set to true to not throw an exception
+     * @param bool      $fail_open Set to true to not throw an exception
      * 
-     * @return int (or float if $fail_open)
+     * @return float|int
+     * @psalm-suppress InvalidReturnType
      *
      * @throws TypeError
      */
     function RandomCompat_intval($number, $fail_open = false)
     {
-        if (is_numeric($number)) {
+        if (is_int($number) || is_float($number)) {
+            $number += 0;
+        } elseif (is_numeric($number)) {
             $number += 0;
         }
 
@@ -60,12 +63,13 @@ if (!is_callable('RandomCompat_intval')) {
             $number = (int) $number;
         }
 
-        if (is_int($number) || $fail_open) {
-            return $number;
+        if (is_int($number)) {
+            return (int) $number;
+        } elseif (!$fail_open) {
+            throw new TypeError(
+                'Expected an integer.'
+            );
         }
-
-        throw new TypeError(
-            'Expected an integer.'
-        );
+        return $number;
     }
 }

+ 1 - 1
vendor/paragonie/random_compat/lib/error_polyfill.php

@@ -5,7 +5,7 @@
  * 
  * The MIT License (MIT)
  *
- * Copyright (c) 2015 - 2016 Paragon Initiative Enterprises
+ * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
  * 
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal

+ 157 - 146
vendor/paragonie/random_compat/lib/random.php

@@ -3,12 +3,12 @@
  * Random_* Compatibility Library
  * for using the new PHP 7 random_* API in PHP 5 projects
  *
- * @version 2.0.4
- * @released 2016-11-07
+ * @version 2.0.15
+ * @released 2018-06-08
  *
  * The MIT License (MIT)
  *
- * Copyright (c) 2015 - 2016 Paragon Initiative Enterprises
+ * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -44,172 +44,183 @@ if (!defined('PHP_VERSION_ID')) {
 /**
  * PHP 7.0.0 and newer have these functions natively.
  */
-if (PHP_VERSION_ID < 70000) {
-    if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
-        define('RANDOM_COMPAT_READ_BUFFER', 8);
-    }
+if (PHP_VERSION_ID >= 70000) {
+    return;
+}
 
-    $RandomCompatDIR = dirname(__FILE__);
+if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
+    define('RANDOM_COMPAT_READ_BUFFER', 8);
+}
 
-    require_once $RandomCompatDIR.'/byte_safe_strings.php';
-    require_once $RandomCompatDIR.'/cast_to_int.php';
-    require_once $RandomCompatDIR.'/error_polyfill.php';
+$RandomCompatDIR = dirname(__FILE__);
 
-    if (!is_callable('random_bytes')) {
-        /**
-         * PHP 5.2.0 - 5.6.x way to implement random_bytes()
-         *
-         * We use conditional statements here to define the function in accordance
-         * to the operating environment. It's a micro-optimization.
-         *
-         * In order of preference:
-         *   1. Use libsodium if available.
-         *   2. fread() /dev/urandom if available (never on Windows)
-         *   3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
-         *   4. COM('CAPICOM.Utilities.1')->GetRandom()
-         *   5. openssl_random_pseudo_bytes() (absolute last resort)
-         *
-         * See RATIONALE.md for our reasoning behind this particular order
-         */
-        if (extension_loaded('libsodium')) {
-            // See random_bytes_libsodium.php
-            if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) {
-                require_once $RandomCompatDIR.'/random_bytes_libsodium.php';
-            } elseif (method_exists('Sodium', 'randombytes_buf')) {
-                require_once $RandomCompatDIR.'/random_bytes_libsodium_legacy.php';
-            }
+require_once $RandomCompatDIR . DIRECTORY_SEPARATOR . 'byte_safe_strings.php';
+require_once $RandomCompatDIR . DIRECTORY_SEPARATOR . 'cast_to_int.php';
+require_once $RandomCompatDIR . DIRECTORY_SEPARATOR . 'error_polyfill.php';
+
+if (!is_callable('random_bytes')) {
+    /**
+     * PHP 5.2.0 - 5.6.x way to implement random_bytes()
+     *
+     * We use conditional statements here to define the function in accordance
+     * to the operating environment. It's a micro-optimization.
+     *
+     * In order of preference:
+     *   1. Use libsodium if available.
+     *   2. fread() /dev/urandom if available (never on Windows)
+     *   3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
+     *   4. COM('CAPICOM.Utilities.1')->GetRandom()
+     *
+     * See RATIONALE.md for our reasoning behind this particular order
+     */
+    if (extension_loaded('libsodium')) {
+        // See random_bytes_libsodium.php
+        if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) {
+            require_once $RandomCompatDIR . DIRECTORY_SEPARATOR . 'random_bytes_libsodium.php';
+        } elseif (method_exists('Sodium', 'randombytes_buf')) {
+            require_once $RandomCompatDIR . DIRECTORY_SEPARATOR . 'random_bytes_libsodium_legacy.php';
         }
+    }
 
-        /**
-         * Reading directly from /dev/urandom:
-         */
-        if (DIRECTORY_SEPARATOR === '/') {
-            // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
-            // way to exclude Windows.
-            $RandomCompatUrandom = true;
-            $RandomCompat_basedir = ini_get('open_basedir');
-
-            if (!empty($RandomCompat_basedir)) {
-                $RandomCompat_open_basedir = explode(
-                    PATH_SEPARATOR,
-                    strtolower($RandomCompat_basedir)
-                );
-                $RandomCompatUrandom = (array() !== array_intersect(
-                    array('/dev', '/dev/', '/dev/urandom'),
-                    $RandomCompat_open_basedir
-                ));
-                $RandomCompat_open_basedir = null;
-            }
+    /**
+     * Reading directly from /dev/urandom:
+     */
+    if (DIRECTORY_SEPARATOR === '/') {
+        // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
+        // way to exclude Windows.
+        $RandomCompatUrandom = true;
+        $RandomCompat_basedir = ini_get('open_basedir');
 
-            if (
-                !is_callable('random_bytes')
-                &&
-                $RandomCompatUrandom
-                &&
-                @is_readable('/dev/urandom')
-            ) {
-                // Error suppression on is_readable() in case of an open_basedir
-                // or safe_mode failure. All we care about is whether or not we
-                // can read it at this point. If the PHP environment is going to
-                // panic over trying to see if the file can be read in the first
-                // place, that is not helpful to us here.
-
-                // See random_bytes_dev_urandom.php
-                require_once $RandomCompatDIR.'/random_bytes_dev_urandom.php';
-            }
-            // Unset variables after use
-            $RandomCompat_basedir = null;
-        } else {
-            $RandomCompatUrandom = false;
+        if (!empty($RandomCompat_basedir)) {
+            $RandomCompat_open_basedir = explode(
+                PATH_SEPARATOR,
+                strtolower($RandomCompat_basedir)
+            );
+            $RandomCompatUrandom = (array() !== array_intersect(
+                array('/dev', '/dev/', '/dev/urandom'),
+                $RandomCompat_open_basedir
+            ));
+            $RandomCompat_open_basedir = null;
         }
 
-        /**
-         * mcrypt_create_iv()
-         *
-         * We only want to use mcypt_create_iv() if:
-         *
-         * - random_bytes() hasn't already been defined
-         * - PHP >= 5.3.7
-         * - the mcrypt extensions is loaded
-         * - One of these two conditions is true:
-         *   - We're on Windows (DIRECTORY_SEPARATOR !== '/')
-         *   - We're not on Windows and /dev/urandom is readabale
-         *     (i.e. we're not in a chroot jail)
-         * - Special case:
-         *   - If we're not on Windows, but the PHP version is between
-         *     5.6.10 and 5.6.12, we don't want to use mcrypt. It will
-         *     hang indefinitely. This is bad.
-         */
         if (
             !is_callable('random_bytes')
             &&
-            PHP_VERSION_ID >= 50307
+            $RandomCompatUrandom
             &&
-            extension_loaded('mcrypt')
+            @is_readable('/dev/urandom')
         ) {
-            // Prevent this code from hanging indefinitely on non-Windows;
-            // see https://bugs.php.net/bug.php?id=69833
-            if (
-                DIRECTORY_SEPARATOR !== '/' || 
-                (PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613)
-            ) {
-                // See random_bytes_mcrypt.php
-                require_once $RandomCompatDIR.'/random_bytes_mcrypt.php';
-            }
+            // Error suppression on is_readable() in case of an open_basedir
+            // or safe_mode failure. All we care about is whether or not we
+            // can read it at this point. If the PHP environment is going to
+            // panic over trying to see if the file can be read in the first
+            // place, that is not helpful to us here.
+
+            // See random_bytes_dev_urandom.php
+            require_once $RandomCompatDIR . DIRECTORY_SEPARATOR . 'random_bytes_dev_urandom.php';
         }
-        $RandomCompatUrandom = null;
+        // Unset variables after use
+        $RandomCompat_basedir = null;
+    } else {
+        $RandomCompatUrandom = false;
+    }
 
-        /**
-         * This is a Windows-specific fallback, for when the mcrypt extension
-         * isn't loaded.
-         */
-        if (
-            !is_callable('random_bytes')
-            &&
-            extension_loaded('com_dotnet')
-            &&
-            class_exists('COM')
-        ) {
-            $RandomCompat_disabled_classes = preg_split(
-                '#\s*,\s*#',
-                strtolower(ini_get('disable_classes'))
-            );
+    /**
+     * mcrypt_create_iv()
+     *
+     * We only want to use mcypt_create_iv() if:
+     *
+     * - random_bytes() hasn't already been defined
+     * - the mcrypt extensions is loaded
+     * - One of these two conditions is true:
+     *   - We're on Windows (DIRECTORY_SEPARATOR !== '/')
+     *   - We're not on Windows and /dev/urandom is readabale
+     *     (i.e. we're not in a chroot jail)
+     * - Special case:
+     *   - If we're not on Windows, but the PHP version is between
+     *     5.6.10 and 5.6.12, we don't want to use mcrypt. It will
+     *     hang indefinitely. This is bad.
+     *   - If we're on Windows, we want to use PHP >= 5.3.7 or else
+     *     we get insufficient entropy errors.
+     */
+    if (
+        !is_callable('random_bytes')
+        &&
+        // Windows on PHP < 5.3.7 is broken, but non-Windows is not known to be.
+        (DIRECTORY_SEPARATOR === '/' || PHP_VERSION_ID >= 50307)
+        &&
+        // Prevent this code from hanging indefinitely on non-Windows;
+        // see https://bugs.php.net/bug.php?id=69833
+        (
+            DIRECTORY_SEPARATOR !== '/' ||
+            (PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613)
+        )
+        &&
+        extension_loaded('mcrypt')
+    ) {
+        // See random_bytes_mcrypt.php
+        require_once $RandomCompatDIR . DIRECTORY_SEPARATOR . 'random_bytes_mcrypt.php';
+    }
+    $RandomCompatUrandom = null;
 
-            if (!in_array('com', $RandomCompat_disabled_classes)) {
-                try {
-                    $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
-                    if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
-                        // See random_bytes_com_dotnet.php
-                        require_once $RandomCompatDIR.'/random_bytes_com_dotnet.php';
-                    }
-                } catch (com_exception $e) {
-                    // Don't try to use it.
+    /**
+     * This is a Windows-specific fallback, for when the mcrypt extension
+     * isn't loaded.
+     */
+    if (
+        !is_callable('random_bytes')
+        &&
+        extension_loaded('com_dotnet')
+        &&
+        class_exists('COM')
+    ) {
+        $RandomCompat_disabled_classes = preg_split(
+            '#\s*,\s*#',
+            strtolower(ini_get('disable_classes'))
+        );
+
+        if (!in_array('com', $RandomCompat_disabled_classes)) {
+            try {
+                $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
+                if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
+                    // See random_bytes_com_dotnet.php
+                    require_once $RandomCompatDIR . DIRECTORY_SEPARATOR . 'random_bytes_com_dotnet.php';
                 }
+            } catch (com_exception $e) {
+                // Don't try to use it.
             }
-            $RandomCompat_disabled_classes = null;
-            $RandomCompatCOMtest = null;
         }
+        $RandomCompat_disabled_classes = null;
+        $RandomCompatCOMtest = null;
+    }
 
+    /**
+     * throw new Exception
+     */
+    if (!is_callable('random_bytes')) {
         /**
-         * throw new Exception
+         * We don't have any more options, so let's throw an exception right now
+         * and hope the developer won't let it fail silently.
+         *
+         * @param mixed $length
+         * @psalm-suppress MissingReturnType
+         * @psalm-suppress InvalidReturnType
+         * @throws Exception
+         * @return string
          */
-        if (!is_callable('random_bytes')) {
-            /**
-             * We don't have any more options, so let's throw an exception right now
-             * and hope the developer won't let it fail silently.
-             */
-            function random_bytes($length)
-            {
-                throw new Exception(
-                    'There is no suitable CSPRNG installed on your system'
-                );
-            }
+        function random_bytes($length)
+        {
+            unset($length); // Suppress "variable not used" warnings.
+            throw new Exception(
+                'There is no suitable CSPRNG installed on your system'
+            );
+            return '';
         }
     }
+}
 
-    if (!is_callable('random_int')) {
-        require_once $RandomCompatDIR.'/random_int.php';
-    }
-
-    $RandomCompatDIR = null;
+if (!is_callable('random_int')) {
+    require_once $RandomCompatDIR . DIRECTORY_SEPARATOR . 'random_int.php';
 }
+
+$RandomCompatDIR = null;

+ 6 - 1
vendor/paragonie/random_compat/lib/random_bytes_com_dotnet.php

@@ -5,7 +5,7 @@
  * 
  * The MIT License (MIT)
  * 
- * Copyright (c) 2015 - 2016 Paragon Initiative Enterprises
+ * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
  * 
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -55,6 +55,11 @@ if (!is_callable('random_bytes')) {
         }
 
         $buf = '';
+        if (!class_exists('COM')) {
+            throw new Error(
+                'COM does not exist'
+            );
+        }
         $util = new COM('CAPICOM.Utilities.1');
         $execCount = 0;
 

+ 27 - 10
vendor/paragonie/random_compat/lib/random_bytes_dev_urandom.php

@@ -5,7 +5,7 @@
  * 
  * The MIT License (MIT)
  *
- * Copyright (c) 2015 - 2016 Paragon Initiative Enterprises
+ * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
  * 
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -104,33 +104,50 @@ if (!is_callable('random_bytes')) {
          * page load.
          */
         if (!empty($fp)) {
+            /**
+             * @var int
+             */
             $remaining = $bytes;
+
+            /**
+             * @var string|bool
+             */
             $buf = '';
 
             /**
              * We use fread() in a loop to protect against partial reads
              */
             do {
+                /**
+                 * @var string|bool
+                 */
                 $read = fread($fp, $remaining);
-                if ($read === false) {
-                    /**
-                     * We cannot safely read from the file. Exit the
-                     * do-while loop and trigger the exception condition
-                     */
-                    $buf = false;
-                    break;
+                if (!is_string($read)) {
+                    if ($read === false) {
+                        /**
+                         * We cannot safely read from the file. Exit the
+                         * do-while loop and trigger the exception condition
+                         *
+                         * @var string|bool
+                         */
+                        $buf = false;
+                        break;
+                    }
                 }
                 /**
                  * Decrease the number of bytes returned from remaining
                  */
                 $remaining -= RandomCompat_strlen($read);
-                $buf .= $read;
+                /**
+                 * @var string|bool
+                 */
+                $buf = $buf . $read;
             } while ($remaining > 0);
 
             /**
              * Is our result valid?
              */
-            if ($buf !== false) {
+            if (is_string($buf)) {
                 if (RandomCompat_strlen($buf) === $bytes) {
                     /**
                      * Return our random entropy buffer here:

+ 1 - 1
vendor/paragonie/random_compat/lib/random_bytes_libsodium.php

@@ -5,7 +5,7 @@
  * 
  * The MIT License (MIT)
  *
- * Copyright (c) 2015 - 2016 Paragon Initiative Enterprises
+ * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
  * 
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal

+ 9 - 5
vendor/paragonie/random_compat/lib/random_bytes_libsodium_legacy.php

@@ -5,7 +5,7 @@
  * 
  * The MIT License (MIT)
  *
- * Copyright (c) 2015 - 2016 Paragon Initiative Enterprises
+ * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
  * 
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -57,22 +57,26 @@ if (!is_callable('random_bytes')) {
         }
 
         /**
+         * @var string
+         */
+        $buf = '';
+
+        /**
          * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
          * generated in one invocation.
          */
         if ($bytes > 2147483647) {
-            $buf = '';
             for ($i = 0; $i < $bytes; $i += 1073741824) {
                 $n = ($bytes - $i) > 1073741824
                     ? 1073741824
                     : $bytes - $i;
-                $buf .= Sodium::randombytes_buf($n);
+                $buf .= Sodium::randombytes_buf((int) $n);
             }
         } else {
-            $buf = Sodium::randombytes_buf($bytes);
+            $buf .= Sodium::randombytes_buf((int) $bytes);
         }
 
-        if ($buf !== false) {
+        if (is_string($buf)) {
             if (RandomCompat_strlen($buf) === $bytes) {
                 return $buf;
             }

+ 1 - 1
vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php

@@ -5,7 +5,7 @@
  * 
  * The MIT License (MIT)
  *
- * Copyright (c) 2015 - 2016 Paragon Initiative Enterprises
+ * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
  * 
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal

+ 159 - 160
vendor/paragonie/random_compat/lib/random_int.php

@@ -1,191 +1,190 @@
 <?php
-/**
- * Random_* Compatibility Library 
- * for using the new PHP 7 random_* API in PHP 5 projects
- * 
- * The MIT License (MIT)
- *
- * Copyright (c) 2015 - 2016 Paragon Initiative Enterprises
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-/**
- * Fetch a random integer between $min and $max inclusive
- * 
- * @param int $min
- * @param int $max
- * 
- * @throws Exception
- * 
- * @return int
- */
-function random_int($min, $max)
-{
-    /**
-     * Type and input logic checks
-     * 
-     * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
-     * (non-inclusive), it will sanely cast it to an int. If you it's equal to
-     * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats 
-     * lose precision, so the <= and => operators might accidentally let a float
-     * through.
-     */
-    
-    try {
-        $min = RandomCompat_intval($min);
-    } catch (TypeError $ex) {
-        throw new TypeError(
-            'random_int(): $min must be an integer'
-        );
-    }
 
-    try {
-        $max = RandomCompat_intval($max);
-    } catch (TypeError $ex) {
-        throw new TypeError(
-            'random_int(): $max must be an integer'
-        );
-    }
-    
+if (!is_callable('random_int')) {
     /**
-     * Now that we've verified our weak typing system has given us an integer,
-     * let's validate the logic then we can move forward with generating random
-     * integers along a given range.
+     * Random_* Compatibility Library
+     * for using the new PHP 7 random_* API in PHP 5 projects
+     *
+     * The MIT License (MIT)
+     *
+     * Copyright (c) 2015 - 2018 Paragon Initiative Enterprises
+     *
+     * Permission is hereby granted, free of charge, to any person obtaining a copy
+     * of this software and associated documentation files (the "Software"), to deal
+     * in the Software without restriction, including without limitation the rights
+     * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+     * copies of the Software, and to permit persons to whom the Software is
+     * furnished to do so, subject to the following conditions:
+     *
+     * The above copyright notice and this permission notice shall be included in
+     * all copies or substantial portions of the Software.
+     *
+     * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+     * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+     * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+     * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+     * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+     * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+     * SOFTWARE.
      */
-    if ($min > $max) {
-        throw new Error(
-            'Minimum value must be less than or equal to the maximum value'
-        );
-    }
-
-    if ($max === $min) {
-        return $min;
-    }
 
     /**
-     * Initialize variables to 0
-     * 
-     * We want to store:
-     * $bytes => the number of random bytes we need
-     * $mask => an integer bitmask (for use with the &) operator
-     *          so we can minimize the number of discards
+     * Fetch a random integer between $min and $max inclusive
+     *
+     * @param int $min
+     * @param int $max
+     *
+     * @throws Exception
+     *
+     * @return int
      */
-    $attempts = $bits = $bytes = $mask = $valueShift = 0;
-
-    /**
-     * At this point, $range is a positive number greater than 0. It might
-     * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
-     * a float and we will lose some precision.
-     */
-    $range = $max - $min;
-
-    /**
-     * Test for integer overflow:
-     */
-    if (!is_int($range)) {
-
+    function random_int($min, $max)
+    {
         /**
-         * Still safely calculate wider ranges.
-         * Provided by @CodesInChaos, @oittaa
-         * 
-         * @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
-         * 
-         * We use ~0 as a mask in this case because it generates all 1s
-         * 
-         * @ref https://eval.in/400356 (32-bit)
-         * @ref http://3v4l.org/XX9r5  (64-bit)
+         * Type and input logic checks
+         *
+         * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
+         * (non-inclusive), it will sanely cast it to an int. If you it's equal to
+         * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
+         * lose precision, so the <= and => operators might accidentally let a float
+         * through.
          */
-        $bytes = PHP_INT_SIZE;
-        $mask = ~0;
 
-    } else {
+        try {
+            $min = RandomCompat_intval($min);
+        } catch (TypeError $ex) {
+            throw new TypeError(
+                'random_int(): $min must be an integer'
+            );
+        }
 
-        /**
-         * $bits is effectively ceil(log($range, 2)) without dealing with 
-         * type juggling
-         */
-        while ($range > 0) {
-            if ($bits % 8 === 0) {
-               ++$bytes;
-            }
-            ++$bits;
-            $range >>= 1;
-            $mask = $mask << 1 | 1;
+        try {
+            $max = RandomCompat_intval($max);
+        } catch (TypeError $ex) {
+            throw new TypeError(
+                'random_int(): $max must be an integer'
+            );
         }
-        $valueShift = $min;
-    }
 
-    /**
-     * Now that we have our parameters set up, let's begin generating
-     * random integers until one falls between $min and $max
-     */
-    do {
         /**
-         * The rejection probability is at most 0.5, so this corresponds
-         * to a failure probability of 2^-128 for a working RNG
+         * Now that we've verified our weak typing system has given us an integer,
+         * let's validate the logic then we can move forward with generating random
+         * integers along a given range.
          */
-        if ($attempts > 128) {
-            throw new Exception(
-                'random_int: RNG is broken - too many rejections'
+        if ($min > $max) {
+            throw new Error(
+                'Minimum value must be less than or equal to the maximum value'
             );
         }
 
+        if ($max === $min) {
+            return (int) $min;
+        }
+
         /**
-         * Let's grab the necessary number of random bytes
+         * Initialize variables to 0
+         *
+         * We want to store:
+         * $bytes => the number of random bytes we need
+         * $mask => an integer bitmask (for use with the &) operator
+         *          so we can minimize the number of discards
          */
-        $randomByteString = random_bytes($bytes);
-        if ($randomByteString === false) {
-            throw new Exception(
-                'Random number generator failure'
-            );
-        }
+        $attempts = $bits = $bytes = $mask = $valueShift = 0;
 
         /**
-         * Let's turn $randomByteString into an integer
-         * 
-         * This uses bitwise operators (<< and |) to build an integer
-         * out of the values extracted from ord()
-         * 
-         * Example: [9F] | [6D] | [32] | [0C] =>
-         *   159 + 27904 + 3276800 + 201326592 =>
-         *   204631455
+         * At this point, $range is a positive number greater than 0. It might
+         * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
+         * a float and we will lose some precision.
          */
-        $val = 0;
-        for ($i = 0; $i < $bytes; ++$i) {
-            $val |= ord($randomByteString[$i]) << ($i * 8);
-        }
+        $range = $max - $min;
 
         /**
-         * Apply mask
+         * Test for integer overflow:
          */
-        $val &= $mask;
-        $val += $valueShift;
+        if (!is_int($range)) {
+
+            /**
+             * Still safely calculate wider ranges.
+             * Provided by @CodesInChaos, @oittaa
+             *
+             * @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
+             *
+             * We use ~0 as a mask in this case because it generates all 1s
+             *
+             * @ref https://eval.in/400356 (32-bit)
+             * @ref http://3v4l.org/XX9r5  (64-bit)
+             */
+            $bytes = PHP_INT_SIZE;
+            $mask = ~0;
 
-        ++$attempts;
+        } else {
+
+            /**
+             * $bits is effectively ceil(log($range, 2)) without dealing with
+             * type juggling
+             */
+            while ($range > 0) {
+                if ($bits % 8 === 0) {
+                    ++$bytes;
+                }
+                ++$bits;
+                $range >>= 1;
+                $mask = $mask << 1 | 1;
+            }
+            $valueShift = $min;
+        }
+
+        $val = 0;
         /**
-         * If $val overflows to a floating point number,
-         * ... or is larger than $max,
-         * ... or smaller than $min,
-         * then try again.
+         * Now that we have our parameters set up, let's begin generating
+         * random integers until one falls between $min and $max
          */
-    } while (!is_int($val) || $val > $max || $val < $min);
+        do {
+            /**
+             * The rejection probability is at most 0.5, so this corresponds
+             * to a failure probability of 2^-128 for a working RNG
+             */
+            if ($attempts > 128) {
+                throw new Exception(
+                    'random_int: RNG is broken - too many rejections'
+                );
+            }
+
+            /**
+             * Let's grab the necessary number of random bytes
+             */
+            $randomByteString = random_bytes($bytes);
 
-    return (int) $val;
+            /**
+             * Let's turn $randomByteString into an integer
+             *
+             * This uses bitwise operators (<< and |) to build an integer
+             * out of the values extracted from ord()
+             *
+             * Example: [9F] | [6D] | [32] | [0C] =>
+             *   159 + 27904 + 3276800 + 201326592 =>
+             *   204631455
+             */
+            $val &= 0;
+            for ($i = 0; $i < $bytes; ++$i) {
+                $val |= ord($randomByteString[$i]) << ($i * 8);
+            }
+
+            /**
+             * Apply mask
+             */
+            $val &= $mask;
+            $val += $valueShift;
+
+            ++$attempts;
+            /**
+             * If $val overflows to a floating point number,
+             * ... or is larger than $max,
+             * ... or smaller than $min,
+             * then try again.
+             */
+        } while (!is_int($val) || $val > $max || $val < $min);
+
+        return (int) $val;
+    }
 }

+ 9 - 0
vendor/paragonie/random_compat/psalm-autoload.php

@@ -0,0 +1,9 @@
+<?php
+
+require_once 'lib/byte_safe_strings.php';
+require_once 'lib/cast_to_int.php';
+require_once 'lib/error_polyfill.php';
+require_once 'other/ide_stubs/libsodium.php';
+require_once 'lib/random.php';
+
+$int = random_int(0, 65536);