1.3.3

aloframework · Nov 18, 2015 · e64b616 · e64b616
1 parent 5ca2a1c
commit e64b616
Show file tree

Hide file tree

Showing 6 changed files with 240 additions and 209 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,10 @@
+# 1.3.3 #
+
+The following happened to getUniqid():
+
+Default $entropy value set to 10000, a warning is triggered if openssl_random_pseudo_bytes is unable to locate a 
+cryptographically strong algorithm.
+
 # 1.3.2 #
 
 ENT_SUBSTITUTE added to Alo::unXss() 

diff --git a/coverage/Alo.php.html b/coverage/Alo.php.html
diff --git a/coverage/dashboard.html b/coverage/dashboard.html
@@ -136,7 +136,7 @@ <h3>Project Risks</h3>
    <footer>
     <hr/>
     <p>
-     <small>Generated by <a href="http://github.com/sebastianbergmann/php-code-coverage" target="_top">PHP_CodeCoverage 3.0.1</a> using <a href="http://php.net/" target="_top">PHP 5.6.14</a> and <a href="http://phpunit.de/">PHPUnit 5.0.8</a> at Tue Oct 27 16:36:56 GMT 2015.</small>
+     <small>Generated by <a href="http://github.com/sebastianbergmann/php-code-coverage" target="_top">PHP_CodeCoverage 3.0.2</a> using <a href="http://php.net/" target="_top">PHP 5.6.15</a> and <a href="https://phpunit.de/">PHPUnit 5.0.9</a> at Wed Nov 18 21:06:08 GMT 2015.</small>
     </p>
    </footer>
   </div>
@@ -225,7 +225,7 @@ <h3>Project Risks</h3>
     chart.yAxis.axisLabel('Cyclomatic Complexity');
 
     d3.select('#classComplexity svg')
-      .datum(getComplexityData([[100,33,"<a href=\"Alo.php.html#14\">Alo<\/a>"]], 'Class Complexity'))
+      .datum(getComplexityData([[100,34,"<a href=\"Alo.php.html#14\">Alo<\/a>"]], 'Class Complexity'))
       .transition()
       .duration(500)
       .call(chart);
@@ -249,7 +249,7 @@ <h3>Project Risks</h3>
     chart.yAxis.axisLabel('Method Complexity');
 
     d3.select('#methodComplexity svg')
-      .datum(getComplexityData([[100,2,"<a href=\"Alo.php.html#150\">Alo::includeIfExists<\/a>"],[100,4,"<a href=\"Alo.php.html#171\">Alo::asciiRand<\/a>"],[100,2,"<a href=\"Alo.php.html#209\">Alo::getUniqid<\/a>"],[100,2,"<a href=\"Alo.php.html#238\">Alo::isIncludable<\/a>"],[100,2,"<a href=\"Alo.php.html#250\">Alo::includeOnceIfExists<\/a>"],[100,2,"<a href=\"Alo.php.html#265\">Alo::isCliRequest<\/a>"],[100,2,"<a href=\"Alo.php.html#275\">Alo::isRegularRequest<\/a>"],[100,2,"<a href=\"Alo.php.html#286\">Alo::get<\/a>"],[100,2,"<a href=\"Alo.php.html#298\">Alo::nullget<\/a>"],[100,3,"<a href=\"Alo.php.html#313\">Alo::ifnull<\/a>"],[100,2,"<a href=\"Alo.php.html#329\">Alo::ifundefined<\/a>"],[100,1,"<a href=\"Alo.php.html#338\">Alo::isAjaxRequest<\/a>"],[100,1,"<a href=\"Alo.php.html#352\">Alo::getFingerprint<\/a>"],[100,2,"<a href=\"Alo.php.html#372\">Alo::isTraversable<\/a>"],[100,4,"<a href=\"Alo.php.html#386\">Alo::unXss<\/a>"]], 'Method Complexity'))
+      .datum(getComplexityData([[100,2,"<a href=\"Alo.php.html#150\">Alo::includeIfExists<\/a>"],[100,4,"<a href=\"Alo.php.html#171\">Alo::asciiRand<\/a>"],[100,3,"<a href=\"Alo.php.html#212\">Alo::getUniqid<\/a>"],[100,2,"<a href=\"Alo.php.html#248\">Alo::isIncludable<\/a>"],[100,2,"<a href=\"Alo.php.html#260\">Alo::includeOnceIfExists<\/a>"],[100,2,"<a href=\"Alo.php.html#275\">Alo::isCliRequest<\/a>"],[100,2,"<a href=\"Alo.php.html#285\">Alo::isRegularRequest<\/a>"],[100,2,"<a href=\"Alo.php.html#296\">Alo::get<\/a>"],[100,2,"<a href=\"Alo.php.html#308\">Alo::nullget<\/a>"],[100,3,"<a href=\"Alo.php.html#323\">Alo::ifnull<\/a>"],[100,2,"<a href=\"Alo.php.html#339\">Alo::ifundefined<\/a>"],[100,1,"<a href=\"Alo.php.html#348\">Alo::isAjaxRequest<\/a>"],[100,1,"<a href=\"Alo.php.html#362\">Alo::getFingerprint<\/a>"],[100,2,"<a href=\"Alo.php.html#382\">Alo::isTraversable<\/a>"],[100,4,"<a href=\"Alo.php.html#397\">Alo::unXss<\/a>"]], 'Method Complexity'))
       .transition()
       .duration(500)
       .call(chart);

diff --git a/coverage/index.html b/coverage/index.html
@@ -108,7 +108,7 @@ <h4>Legend</h4>
      <span class="success"><strong>High</strong>: 90% to 100%</span>
     </p>
     <p>
-     <small>Generated by <a href="http://github.com/sebastianbergmann/php-code-coverage" target="_top">PHP_CodeCoverage 3.0.1</a> using <a href="http://php.net/" target="_top">PHP 5.6.14</a> and <a href="http://phpunit.de/">PHPUnit 5.0.8</a> at Tue Oct 27 16:36:56 GMT 2015.</small>
+     <small>Generated by <a href="http://github.com/sebastianbergmann/php-code-coverage" target="_top">PHP_CodeCoverage 3.0.2</a> using <a href="http://php.net/" target="_top">PHP 5.6.15</a> and <a href="https://phpunit.de/">PHPUnit 5.0.9</a> at Wed Nov 18 21:06:08 GMT 2015.</small>
     </p>
    </footer>
   </div>

diff --git a/docs/class-AloFramework.Common.Alo.html b/docs/class-AloFramework.Common.Alo.html
@@ -235,7 +235,7 @@ <h4>Since</h4>
 
 			<td class="name"><div>
 			<a class="anchor" href="#_getUniqid">#</a>
-			<code>getUniqid( <span>string <var>$hash</var> = <span class="php-quote">'sha256'</span></span>, <span>string <var>$prefix</var> = <span class="php-quote">''</span></span>, <span>integer <var>$entropy</var> = <span class="php-num">250</span></span>, <span>boolean <var>$rawOutput</var> = <span class="php-keyword1">false</span></span> )</code>
+			<code>getUniqid( <span>string <var>$hash</var> = <span class="php-quote">'sha256'</span></span>, <span>string <var>$prefix</var> = <span class="php-quote">''</span></span>, <span>integer <var>$entropy</var> = <span class="php-num">10000</span></span>, <span>boolean <var>$rawOutput</var> = <span class="php-keyword1">false</span></span> )</code>
 
 			<div class="description short">
 				<p>Generates a unique identifier</p>
@@ -269,11 +269,14 @@ <h4>Author</h4>
 					</div>
 					<h4>Since</h4>
 					<div class="list">
-							1.3<br>
+							<p>1.3.3 Default $entropy value set to 10000, a warning is triggered if openssl_random_pseudo_bytes is
+unable to locate a cryptographically strong algorithm.<br/>
+        1.3</p><br>
 					</div>
 					<h4>See</h4>
 					<div class="list">
 							https://secure.php.net/manual/en/function.hash.php<br>
+							https://secure.php.net/manual/en/function.openssl-random-pseudo-bytes.php<br>
 					</div>
 					<h4>Codecoverageignore</h4>
 					<div class="list">

diff --git a/src/Alo.php b/src/Alo.php
@@ -203,10 +203,13 @@ static function asciiRand($length, $subset = self::ASCII_ALL) {
          *
          * @return string
          * @see    https://secure.php.net/manual/en/function.hash.php
-         * @since  1.3
+         * @see    https://secure.php.net/manual/en/function.openssl-random-pseudo-bytes.php
+         * @since  1.3.3 Default $entropy value set to 10000, a warning is triggered if openssl_random_pseudo_bytes is
+         * unable to locate a cryptographically strong algorithm.<br/>
+         *         1.3
          * @codeCoverageIgnore
          */
-        static function getUniqid($hash = 'sha256', $prefix = '', $entropy = 250, $rawOutput = false) {
+        static function getUniqid($hash = 'sha256', $prefix = '', $entropy = 10000, $rawOutput = false) {
             $str = mt_rand(~PHP_INT_MAX, PHP_INT_MAX) . json_encode([$_COOKIE,
                                                                      $_REQUEST,
                                                                      $_FILES,
@@ -217,7 +220,14 @@ static function getUniqid($hash = 'sha256', $prefix = '', $entropy = 250, $rawOu
                    self::asciiRand($entropy, self::ASCII_ALL);
 
             if (function_exists('\openssl_random_pseudo_bytes')) {
-                $str .= \openssl_random_pseudo_bytes($entropy);
+                $algoStrong = null;
+                $str .= \openssl_random_pseudo_bytes($entropy, $algoStrong);
+
+                if ($algoStrong !== true) {
+                    trigger_error('Please update your openssl & PHP libraries. openssl_random_pseudo_bytes was unable' .
+                                  ' to locate a cryptographically strong algorithm.',
+                                  E_USER_WARNING);
+                }
             } else {
                 trigger_error('The openssl extension is not enabled, therefore the unique ID is not ' .
                               'cryptographically secure.',