Error202
/
yii2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Cleaned up everything that isn't needed for PHP 7.1 (#14511)

tags/3.0.0-alpha1
Alexander Makarov 7 years ago committed by GitHub
parent
adca091fbf
commit
a94e804ae4
14 changed files with 37 additions and 313 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      README.md
  2. 12
      docs/guide/intro-yii.md
  3. 4
      docs/guide/rest-error-handling.md
  4. 6
      docs/guide/rest-response-formatting.md
  5. 4
      docs/guide/runtime-handling-errors.md
  6. 5
      docs/guide/start-installation.md
  7. 5
      docs/guide/tutorial-performance-tuning.md
  8. 2
      docs/guide/tutorial-shared-hosting.md
  9. 2
      docs/guide/tutorial-yii-integration.md
  10. 2
      docs/internals/core-code-style.md
  11. 2
      framework/UPGRADE.md
  12. 213
      framework/base/Security.php
  13. 5
      framework/rbac/PhpManager.php
  14. 73
      tests/framework/base/SecurityTest.php

3
README.md
Unescape View File

@ -21,8 +21,7 @@ The framework is easy to adjust to meet your needs, because Yii has been designe
Installation
------------
- The minimum required PHP version of Yii is PHP 5.4.
- It works best with PHP 7.
- The minimum required PHP version of Yii 2.1 is PHP 7.1.
- [Follow the Definitive Guide](http://www.yiiframework.com/doc-2.0/guide-start-installation.html)
in order to get step by step instructions.

12
docs/guide/intro-yii.md
Unescape View File

@ -41,20 +41,20 @@ via simple and elegant interfaces.
Yii Versions
------------
Yii currently has two major versions available: 1.1 and 2.0. Version 1.1 is the old generation and is now in maintenance mode. Version 2.0 is a complete rewrite of Yii, adopting the latest
technologies and protocols, including Composer, PSR, namespaces, traits, and so forth. Version 2.0 represents the current
Yii currently has three major versions available: 1.1, 2.0 and 2.1. Version 1.1 is the old generation and is now in maintenance mode. Version 2.0 is a complete rewrite of Yii, adopting the latest
technologies and protocols, including Composer, PSR, namespaces, traits, and so forth. Version 2.1 is a cleaned up and refactored version of 2.0 that represents the current
generation of the framework and will receive the main development efforts over the next few years.
This guide is mainly about version 2.0.
This guide is mainly about version 2.1.
Requirements and Prerequisites
------------------------------
Yii 2.0 requires PHP 5.4.0 or above and runs best with the latest version of PHP 7. You can find more detailed
Yii 2.1 requires PHP 7.1 or above. You can find more detailed
requirements for individual features by running the requirement checker included in every Yii release.
Using Yii requires basic knowledge of object-oriented programming (OOP), as Yii is a pure OOP-based framework.
Yii 2.0 also makes use of the latest features of PHP, such as [namespaces](http://www.php.net/manual/en/language.namespaces.php)
Yii 2.1 also makes use of the latest features of PHP, such as [namespaces](http://www.php.net/manual/en/language.namespaces.php)
and [traits](http://www.php.net/manual/en/language.oop5.traits.php). Understanding these concepts will help
you more easily pick up Yii 2.0.
you more easily pick up Yii 2.1.

4
docs/guide/rest-error-handling.md
Unescape View File

@ -12,7 +12,7 @@ exception in the response body. For example:
```
HTTP/1.1 404 Not Found
Date: Sun, 02 Mar 2014 05:31:43 GMT
Server: Apache/2.2.26 (Unix) DAV/2 PHP/5.4.20 mod_ssl/2.2.26 OpenSSL/0.9.8y
Server: Apache/2.2.26 (Unix) DAV/2 PHP/7.1.0 mod_ssl/2.2.26 OpenSSL/0.9.8y
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
@ -52,7 +52,7 @@ and enclose the actual HTTP status code as part of the JSON structure in the res
```
HTTP/1.1 200 OK
Date: Sun, 02 Mar 2014 05:31:43 GMT
Server: Apache/2.2.26 (Unix) DAV/2 PHP/5.4.20 mod_ssl/2.2.26 OpenSSL/0.9.8y
Server: Apache/2.2.26 (Unix) DAV/2 PHP/7.1.0 mod_ssl/2.2.26 OpenSSL/0.9.8y
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8

6
docs/guide/rest-response-formatting.md
Unescape View File

@ -32,7 +32,7 @@ $ curl -i -H "Accept: application/json; q=1.0, */*; q=0.1" "http://localhost/use
HTTP/1.1 200 OK
Date: Sun, 02 Mar 2014 05:31:43 GMT
Server: Apache/2.2.26 (Unix) DAV/2 PHP/5.4.20 mod_ssl/2.2.26 OpenSSL/0.9.8y
Server: Apache/2.2.26 (Unix) DAV/2 PHP/7.1.0 mod_ssl/2.2.26 OpenSSL/0.9.8y
X-Powered-By: PHP/5.4.20
X-Pagination-Total-Count: 1000
X-Pagination-Page-Count: 50
@ -112,8 +112,8 @@ You may then get the following response for request `http://localhost/users`:
```
HTTP/1.1 200 OK
Date: Sun, 02 Mar 2014 05:31:43 GMT
Server: Apache/2.2.26 (Unix) DAV/2 PHP/5.4.20 mod_ssl/2.2.26 OpenSSL/0.9.8y
X-Powered-By: PHP/5.4.20
Server: Apache/2.2.26 (Unix) DAV/2 PHP/7.1.0 mod_ssl/2.2.26 OpenSSL/0.9.8y
X-Powered-By: PHP/7.1.0
X-Pagination-Total-Count: 1000
X-Pagination-Page-Count: 50
X-Pagination-Current-Page: 1

4
docs/guide/runtime-handling-errors.md
Unescape View File

@ -167,7 +167,7 @@ the following response:
```
HTTP/1.1 404 Not Found
Date: Sun, 02 Mar 2014 05:31:43 GMT
Server: Apache/2.2.26 (Unix) DAV/2 PHP/5.4.20 mod_ssl/2.2.26 OpenSSL/0.9.8y
Server: Apache/2.2.26 (Unix) DAV/2 PHP/7.1.0 mod_ssl/2.2.26 OpenSSL/0.9.8y
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
@ -208,7 +208,7 @@ The above code will reformat the error response like the following:
```
HTTP/1.1 200 OK
Date: Sun, 02 Mar 2014 05:31:43 GMT
Server: Apache/2.2.26 (Unix) DAV/2 PHP/5.4.20 mod_ssl/2.2.26 OpenSSL/0.9.8y
Server: Apache/2.2.26 (Unix) DAV/2 PHP/7.1.0 mod_ssl/2.2.26 OpenSSL/0.9.8y
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8

5
docs/guide/start-installation.md
Unescape View File

@ -149,7 +149,7 @@ Yii's requirements. You can check if the minimum requirements are met using one
```
You should configure your PHP installation so that it meets the minimum requirements of Yii. Most importantly, you
should have PHP 5.4 or above. Ideally latest PHP 7. You should also install the [PDO PHP Extension](http://www.php.net/manual/en/pdo.installation.php)
should have PHP 7.1 or above. You should also install the [PDO PHP Extension](http://www.php.net/manual/en/pdo.installation.php)
and a corresponding database driver (such as `pdo_mysql` for MySQL databases), if your application needs a database.
@ -161,7 +161,8 @@ Configuring Web Servers <span id="configuring-web-servers"></span>
The application installed according to the above instructions should work out of box with either
an [Apache HTTP server](http://httpd.apache.org/) or an [Nginx HTTP server](http://nginx.org/), on
Windows, Mac OS X, or Linux running PHP 5.4 or higher.
Windows, Mac OS X, or Linux running PHP 7.1 or higher.
On a production server, you may want to configure your Web server so that the application can be accessed
via the URL `http://www.example.com/index.php` instead of `http://www.example.com/basic/web/index.php`. Such configuration

5
docs/guide/tutorial-performance-tuning.md
Unescape View File

@ -11,9 +11,8 @@ factors and explain how you can improve your application performance by adjustin
A well configured PHP environment is very important. In order to get maximum performance,
- Use the latest stable PHP version. Major releases of PHP may bring significant performance improvements.
- Enable bytecode caching with [Opcache](http://php.net/opcache) (PHP 5.5 or later) or [APC](http://php.net/apc)
(PHP 5.4). Bytecode caching avoids the time spent in parsing and including PHP scripts for every
incoming request.
- Enable bytecode caching with [Opcache](http://php.net/opcache). Bytecode caching avoids the time spent
in parsing and including PHP scripts for every incoming request.
- [Tune `realpath()` cache](https://github.com/samdark/realpath_cache_tuner).

2
docs/guide/tutorial-shared-hosting.md
Unescape View File

@ -56,7 +56,7 @@ In case of nginx you should not need any extra config files.
### Check requirements
In order to run Yii, your webserver must meet its requirements. The very minimum requirement is PHP 5.4. In order to
In order to run Yii, your webserver must meet its requirements. The very minimum requirement is PHP 7.1. In order to
check the requirements copy `requirements.php` from your root directory into the webroot directory and run it via
browser using `http://example.com/requirements.php` URL. Don't forget to delete the file afterwards.

2
docs/guide/tutorial-yii-integration.md
Unescape View File

@ -125,7 +125,7 @@ If you were using Yii 1 previously, it is likely you have a running Yii 1 applic
the whole application in Yii 2, you may just want to enhance it using some of the features only available in Yii 2.
This can be achieved as described below.
> Note: Yii 2 requires PHP 5.4 or above. You should make sure that both your server and the existing application
> Note: Yii 2.1 requires PHP 7.1 or above. You should make sure that both your server and the existing application
> support this.
First, install Yii 2 in your existing application by following the instructions given in the [last subsection](#using-yii-in-others).

2
docs/internals/core-code-style.md
Unescape View File

@ -224,7 +224,7 @@ $sql = "SELECT *"
### 5.3 arrays
For arrays we're using PHP 5.4 short array syntax.
For arrays we're using short array syntax.
#### Numerically indexed

2
framework/UPGRADE.md
Unescape View File

@ -61,7 +61,7 @@ Upgrade from Yii 2.0.x
* `::className()` method calls should be replaced with native `::class`.
* XCache and Zend data cache support was removed. Switch to another caching backends.
* Rename `InvalidParamException` usage to `InvalidArgumentException`.
* Moved masked input field widget was moved into separate extension https://github.com/yiisoft/yii2-maskedinput.
* Masked input field widget was moved into separate extension https://github.com/yiisoft/yii2-maskedinput.
Include it in your composer.json if you use it.
* If you've used ApcCache and set `useApcu` in your config, remove the option.

213
framework/base/Security.php
Unescape View File

@ -73,16 +73,7 @@ class Security extends Component
* Set as high as possible to hinder dictionary password attacks.
*/
public $derivationIterations = 100000;
/**
* @var string strategy, which should be used to generate password hash.
* Available strategies:
* - 'password_hash' - use of PHP `password_hash()` function with PASSWORD_DEFAULT algorithm.
* This option is recommended, but it requires PHP version >= 5.5.0
* - 'crypt' - use PHP `crypt()` function.
* @deprecated since version 2.0.7, [[generatePasswordHash()]] ignores [[passwordHashStrategy]] and
* uses `password_hash()` when available or `crypt()` when not.
*/
public $passwordHashStrategy;
/**
* @var int Default cost used for password hashing.
* Allowed value is between 4 and 31.
@ -240,13 +231,13 @@ class Security extends Component
}
$authKey = $this->hkdf($this->kdfHash, $key, null, $this->authKeyInfo, $keySize);
$data = $this->validateData(StringHelper::byteSubstr($data, $keySize, null), $authKey);
$data = $this->validateData(StringHelper::byteSubstr($data, $keySize), $authKey);
if ($data === false) {
return false;
}
$iv = StringHelper::byteSubstr($data, 0, $blockSize);
$encrypted = StringHelper::byteSubstr($data, $blockSize, null);
$encrypted = StringHelper::byteSubstr($data, $blockSize);
$decrypted = openssl_decrypt($encrypted, $this->cipher, $key, OPENSSL_RAW_DATA, $iv);
if ($decrypted === false) {
@ -328,7 +319,6 @@ class Security extends Component
*/
public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
{
if (function_exists('hash_pbkdf2')) {
$outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
if ($outputKey === false) {
throw new InvalidArgumentException('Invalid parameters to hash_pbkdf2()');
@ -336,43 +326,6 @@ class Security extends Component
return $outputKey;
}
// todo: is there a nice way to reduce the code repetition in hkdf() and pbkdf2()?
$test = @hash_hmac($algo, '', '', true);
if (!$test) {
throw new InvalidArgumentException('Failed to generate HMAC with hash algorithm: ' . $algo);
}
if (is_string($iterations) && preg_match('{^\d{1,16}$}', $iterations)) {
$iterations = (int) $iterations;
}
if (!is_int($iterations) || $iterations < 1) {
throw new InvalidArgumentException('Invalid iterations');
}
if (is_string($length) && preg_match('{^\d{1,16}$}', $length)) {
$length = (int) $length;
}
if (!is_int($length) || $length < 0) {
throw new InvalidArgumentException('Invalid length');
}
$hashLength = StringHelper::byteLength($test);
$blocks = $length !== 0 ? ceil($length / $hashLength) : 1;
$outputKey = '';
for ($j = 1; $j <= $blocks; $j++) {
$hmac = hash_hmac($algo, $salt . pack('N', $j), $password, true);
$xorsum = $hmac;
for ($i = 1; $i < $iterations; $i++) {
$hmac = hash_hmac($algo, $hmac, $password, true);
$xorsum ^= $hmac;
}
$outputKey .= $xorsum;
}
if ($length !== 0) {
$outputKey = StringHelper::byteSubstr($outputKey, 0, $length);
}
return $outputKey;
}
/**
* Prefixes data with a keyed hash value so that it can later be detected if it is tampered.
* There is no need to hash inputs or outputs of [[encryptByKey()]] or [[encryptByPassword()]]
@ -422,7 +375,7 @@ class Security extends Component
$hashLength = StringHelper::byteLength($test);
if (StringHelper::byteLength($data) >= $hashLength) {
$hash = StringHelper::byteSubstr($data, 0, $hashLength);
$pureData = StringHelper::byteSubstr($data, $hashLength, null);
$pureData = StringHelper::byteSubstr($data, $hashLength);
$calculatedHash = hash_hmac($this->macHash, $pureData, $key, $rawHash);
@ -433,9 +386,6 @@ class Security extends Component
return false;
}
private $_useLibreSSL;
private $_randomFile;
/**
* Generates specified number of random bytes.
* Note that output may not be ASCII.
@ -456,94 +406,9 @@ class Security extends Component
throw new InvalidArgumentException('First parameter ($length) must be greater than 0');
}
// always use random_bytes() if it is available
if (function_exists('random_bytes')) {
return random_bytes($length);
}
// The recent LibreSSL RNGs are faster and likely better than /dev/urandom.
// Parse OPENSSL_VERSION_TEXT because OPENSSL_VERSION_NUMBER is no use for LibreSSL.
// https://bugs.php.net/bug.php?id=71143
if ($this->_useLibreSSL === null) {
$this->_useLibreSSL = defined('OPENSSL_VERSION_TEXT')
&& preg_match('{^LibreSSL (\d\d?)\.(\d\d?)\.(\d\d?)$}', OPENSSL_VERSION_TEXT, $matches)
&& (10000 * $matches[1]) + (100 * $matches[2]) + $matches[3] >= 20105;
}
// Since 5.4.0, openssl_random_pseudo_bytes() reads from CryptGenRandom on Windows instead
// of using OpenSSL library. LibreSSL is OK everywhere but don't use OpenSSL on non-Windows.
if ($this->_useLibreSSL
|| (
DIRECTORY_SEPARATOR !== '/'
&& substr_compare(PHP_OS, 'win', 0, 3, true) === 0
&& function_exists('openssl_random_pseudo_bytes')
)
) {
$key = openssl_random_pseudo_bytes($length, $cryptoStrong);
if ($cryptoStrong === false) {
throw new Exception(
'openssl_random_pseudo_bytes() set $crypto_strong false. Your PHP setup is insecure.'
);
}
if ($key !== false && StringHelper::byteLength($key) === $length) {
return $key;
}
}
// mcrypt_create_iv() does not use libmcrypt. Since PHP 5.3.7 it directly reads
// CryptGenRandom on Windows. Elsewhere it directly reads /dev/urandom.
if (function_exists('mcrypt_create_iv')) {
$key = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
if (StringHelper::byteLength($key) === $length) {
return $key;
}
}
// If not on Windows, try to open a random device.
if ($this->_randomFile === null && DIRECTORY_SEPARATOR === '/') {
// urandom is a symlink to random on FreeBSD.
$device = PHP_OS === 'FreeBSD' ? '/dev/random' : '/dev/urandom';
// Check random device for special character device protection mode. Use lstat()
// instead of stat() in case an attacker arranges a symlink to a fake device.
$lstat = @lstat($device);
if ($lstat !== false && ($lstat['mode'] & 0170000) === 020000) {
$this->_randomFile = fopen($device, 'rb') ?: null;
if (is_resource($this->_randomFile)) {
// Reduce PHP stream buffer from default 8192 bytes to optimize data
// transfer from the random device for smaller values of $length.
// This also helps to keep future randoms out of user memory space.
$bufferSize = 8;
if (function_exists('stream_set_read_buffer')) {
stream_set_read_buffer($this->_randomFile, $bufferSize);
}
}
}
}
if (is_resource($this->_randomFile)) {
$buffer = '';
$stillNeed = $length;
while ($stillNeed > 0) {
$someBytes = fread($this->_randomFile, $stillNeed);
if ($someBytes === false) {
break;
}
$buffer .= $someBytes;
$stillNeed -= StringHelper::byteLength($someBytes);
if ($stillNeed === 0) {
// Leaving file pointer open in order to make next generation faster by reusing it.
return $buffer;
}
}
fclose($this->_randomFile);
$this->_randomFile = null;
}
throw new Exception('Unable to generate a random key');
}
/**
* Generates a random string of specified length.
* The string generated matches [A-Za-z0-9_-]+ and is transparent to URL-encoding.
@ -605,21 +470,9 @@ class Security extends Component
$cost = $this->passwordHashCost;
}
if (function_exists('password_hash')) {
/* @noinspection PhpUndefinedConstantInspection */
return password_hash($password, PASSWORD_DEFAULT, ['cost' => $cost]);
}
$salt = $this->generateSalt($cost);
$hash = crypt($password, $salt);
// strlen() is safe since crypt() returns only ascii
if (!is_string($hash) || strlen($hash) !== 60) {
throw new Exception('Unknown error occurred while generating hash.');
}
return $hash;
}
/**
* Verifies a password against a hash.
* @param string $password The password to verify.
@ -635,73 +488,19 @@ class Security extends Component
throw new InvalidArgumentException('Password must be a string and cannot be empty.');
}
if (!preg_match('/^\$2[axy]\$(\d\d)\$[\.\/0-9A-Za-z]{22}/', $hash, $matches)
|| $matches[1] < 4
|| $matches[1] > 30
) {
throw new InvalidArgumentException('Hash is invalid.');
}
if (function_exists('password_verify')) {
return password_verify($password, $hash);
}
$test = crypt($password, $hash);
$n = strlen($test);
if ($n !== 60) {
return false;
}
return $this->compareString($test, $hash);
}
/**
* Generates a salt that can be used to generate a password hash.
*
* The PHP [crypt()](http://php.net/manual/en/function.crypt.php) built-in function
* requires, for the Blowfish hash algorithm, a salt string in a specific format:
* "$2a$", "$2x$" or "$2y$", a two digit cost parameter, "$", and 22 characters
* from the alphabet "./0-9A-Za-z".
*
* @param int $cost the cost parameter
* @return string the random salt value.
* @throws InvalidArgumentException if the cost parameter is out of the range of 4 to 31.
*/
protected function generateSalt($cost = 13)
{
$cost = (int) $cost;
if ($cost < 4 || $cost > 31) {
throw new InvalidArgumentException('Cost must be between 4 and 31.');
}
// Get a 20-byte random string
$rand = $this->generateRandomKey(20);
// Form the prefix that specifies Blowfish (bcrypt) algorithm and cost parameter.
$salt = sprintf('$2y$%02d$', $cost);
// Append the random salt data in the required base64 format.
$salt .= str_replace('+', '.', substr(base64_encode($rand), 0, 22));
return $salt;
}
/**
* Performs string comparison using timing attack resistant approach.
* @see http://codereview.stackexchange.com/questions/13512
*
* @param string $expected string to compare.
* @param string $actual user-supplied string.
* @return bool whether strings are equal.
*/
public function compareString($expected, $actual)
{
$expected .= "\0";
$actual .= "\0";
$expectedLength = StringHelper::byteLength($expected);
$actualLength = StringHelper::byteLength($actual);
$diff = $expectedLength - $actualLength;
for ($i = 0; $i < $actualLength; $i++) {
$diff |= (ord($actual[$i]) ^ ord($expected[$i % $expectedLength]));
}
return $diff === 0;
return hash_equals($expected, $actual);
}
/**

5
framework/rbac/PhpManager.php
Unescape View File

@ -796,7 +796,7 @@ class PhpManager extends BaseManager
}
/**
* Invalidates precompiled script cache (such as OPCache or APC) for the given file.
* Invalidates precompiled script cache (such as OPCache) for the given file.
* @param string $file the file path.
* @since 2.0.9
*/
@ -805,9 +805,6 @@ class PhpManager extends BaseManager
if (function_exists('opcache_invalidate')) {
opcache_invalidate($file, true);
}
if (function_exists('apc_delete_file')) {
@apc_delete_file($file);
}
}
/**

73
tests/framework/base/SecurityTest.php
Unescape View File

@ -881,71 +881,8 @@ TEXT;
$key1 = $this->security->generateRandomKey($input);
}
/**
* Test the case where opening /dev/urandom fails
*/
public function testRandomKeyNoOptions()
{
static::$functions = ['random_bytes' => false, 'openssl_random_pseudo_bytes' => false, 'mcrypt_create_iv' => false];
static::$fopen = false;
$this->expectException('yii\base\Exception');
$this->expectExceptionMessage('Unable to generate a random key');
$this->security->generateRandomKey(42);
}
/**
* Test the case where reading from /dev/urandom fails
*/
public function testRandomKeyFreadFailure()
{
static::$functions = ['random_bytes' => false, 'openssl_random_pseudo_bytes' => false, 'mcrypt_create_iv' => false];
static::$fread = false;
$this->expectException('yii\base\Exception');
$this->expectExceptionMessage('Unable to generate a random key');
$this->security->generateRandomKey(42);
}
/**
* returns a set of different combinations of functions available.
*/
public function randomKeyVariants()
public function testGenerateRandomKey()
{
return [
[['random_bytes' => true, 'openssl_random_pseudo_bytes' => true, 'mcrypt_create_iv' => true]],
[['random_bytes' => true, 'openssl_random_pseudo_bytes' => true, 'mcrypt_create_iv' => false]],
[['random_bytes' => true, 'openssl_random_pseudo_bytes' => false, 'mcrypt_create_iv' => true]],
[['random_bytes' => true, 'openssl_random_pseudo_bytes' => false, 'mcrypt_create_iv' => false]],
[['random_bytes' => false, 'openssl_random_pseudo_bytes' => true, 'mcrypt_create_iv' => true]],
[['random_bytes' => false, 'openssl_random_pseudo_bytes' => true, 'mcrypt_create_iv' => false]],
[['random_bytes' => false, 'openssl_random_pseudo_bytes' => false, 'mcrypt_create_iv' => true]],
[['random_bytes' => false, 'openssl_random_pseudo_bytes' => false, 'mcrypt_create_iv' => false]],
];
}
/**
* @dataProvider randomKeyVariants
*/
public function testGenerateRandomKey($functions)
{
foreach ($functions as $fun => $available) {
if ($available && !\function_exists($fun)) {
$this->markTestSkipped("Can not test generateRandomKey() branch that includes $fun, because it is not available on your system.");
}
}
// there is no /dev/urandom on windows so we expect this to fail
if (DIRECTORY_SEPARATOR === '\\' && $functions['random_bytes'] === false && $functions['openssl_random_pseudo_bytes'] === false && $functions['mcrypt_create_iv'] === false) {
$this->expectException('yii\base\Exception');
$this->expectExceptionMessage('Unable to generate a random key');
}
// Function mcrypt_create_iv() is deprecated since PHP 7.1
if (version_compare(PHP_VERSION, '7.1.0alpha', '>=') && $functions['random_bytes'] === false && $functions['mcrypt_create_iv'] === true) {
$this->markTestSkipped('Function mcrypt_create_iv() is deprecated as of PHP 7.1');
}
static::$functions = $functions;
// test various string lengths
for ($length = 1; $length < 64; $length++) {
$key1 = $this->security->generateRandomKey($length);
@ -1223,18 +1160,10 @@ TEXT;
{
return [
['', ''],
[false, ''],
[null, ''],
[0, ''],
[0.00, ''],
['', null],
['', false],
['', 0],
['', "\0"],
["\0", ''],
["\0", "\0"],
['0', "\0"],
[0, "\0"],
['user', 'User'],
['password', 'password'],
['password', 'passwordpassword'],

Write Preview
Loading…
Cancel
Save