Merge 75cb771 into 72aac25

PrivateBin · Aug 15, 2016 · 69dde0f · 69dde0f
2 parents 72aac25 + 75cb771
commit 69dde0f
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 37 deletions.
diff --git a/INSTALL.md b/INSTALL.md
@@ -12,7 +12,7 @@ the options and adjust them as you see fit.
 
 - PHP version 5.3 or above
 - GD extension
-- mcrypt extension (optional, but strongly recommended)
+- [Libsodium](https://download.libsodium.org) or mcrypt extension (optional, but strongly recommended)
 - some disk space or (optional) a database supported by PDO
 - ability to create files and folders in the installation directory and the PATH
 - A web browser with javascript support

diff --git a/composer.json b/composer.json
@@ -18,7 +18,8 @@
         }
     ],
     "require": {
-        "php": "^5.3 || ^7.0",
+        "php": "^5.2.6 || ^7.0",
+        "paragonie/random_compat": "^2.0",
         "yzalis/identicon": "^1.1"
     },
     "require-dev": {

diff --git a/lib/Persistence/ServerSalt.php b/lib/Persistence/ServerSalt.php
@@ -26,6 +26,15 @@
  */
 class ServerSalt extends AbstractPersistence
 {
+    /**
+     * file where salt is saved to
+     *
+     * @access private
+     * @static
+     * @var    string
+     */
+    private static $_file = 'salt.php';
+
     /**
      * generated salt
      *
@@ -44,15 +53,7 @@ class ServerSalt extends AbstractPersistence
      */
     public static function generate()
     {
-        $randomSalt = '';
-        if (function_exists('mcrypt_create_iv')) {
-            $randomSalt = bin2hex(mcrypt_create_iv(256, MCRYPT_DEV_URANDOM));
-        } else {
-            // fallback to mt_rand()
-            for ($i = 0; $i < 256; ++$i) {
-                $randomSalt .= base_convert(mt_rand(), 10, 16);
-            }
-        }
+        $randomSalt = bin2hex(random_bytes(256));
         return $randomSalt;
     }
 
@@ -70,19 +71,18 @@ public static function get()
             return self::$_salt;
         }
 
-        $file = 'salt.php';
-        if (self::_exists($file)) {
-            if (is_readable(self::getPath($file))) {
-                $items = explode('|', file_get_contents(self::getPath($file)));
+        if (self::_exists(self::$_file)) {
+            if (is_readable(self::getPath(self::$_file))) {
+                $items = explode('|', file_get_contents(self::getPath(self::$_file)));
             }
             if (!isset($items) || !is_array($items) || count($items) != 3) {
-                throw new Exception('unable to read file ' . self::getPath($file), 20);
+                throw new Exception('unable to read file ' . self::getPath(self::$_file), 20);
             }
             self::$_salt = $items[1];
         } else {
             self::$_salt = self::generate();
             self::_store(
-                $file,
+                self::$_file,
                 '<?php /* |' . self::$_salt . '| */ ?>'
             );
         }

diff --git a/tst/Persistence/ServerSaltTest.php b/tst/Persistence/ServerSaltTest.php
@@ -43,26 +43,6 @@ public function testGeneration()
         ServerSalt::setPath($this->_path);
         $salt = ServerSalt::get();
 
-        // mcrypt mock
-        if (!function_exists('mcrypt_create_iv')) {
-            if (!defined('MCRYPT_DEV_URANDOM')) {
-                define('MCRYPT_DEV_URANDOM', 1);
-            }
-            function mcrypt_create_iv($int, $flag)
-            {
-                $randomSalt = '';
-                for ($i = 0; $i < $int; ++$i) {
-                    $randomSalt .= base_convert(mt_rand(), 10, 16);
-                }
-                // hex2bin requires an even length, pad if necessary
-                if (strlen($randomSalt) % 2) {
-                    $randomSalt = '0' . $randomSalt;
-                }
-                return hex2bin($randomSalt);
-            }
-            $this->assertNotEquals($salt, ServerSalt::generate());
-        }
-
         // try setting a different path and resetting it
         ServerSalt::setPath($this->_otherPath);
         $this->assertNotEquals($salt, ServerSalt::get());

diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php
@@ -17,6 +17,7 @@
     'PrivateBin\\Data\\Filesystem' => $baseDir . '/lib/Data/Filesystem.php',
     'PrivateBin\\Filter' => $baseDir . '/lib/Filter.php',
     'PrivateBin\\I18n' => $baseDir . '/lib/I18n.php',
+    'PrivateBin\\Json' => $baseDir . '/lib/Json.php',
     'PrivateBin\\Model' => $baseDir . '/lib/Model.php',
     'PrivateBin\\Model\\AbstractModel' => $baseDir . '/lib/Model/AbstractModel.php',
     'PrivateBin\\Model\\Comment' => $baseDir . '/lib/Model/Comment.php',

diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php
@@ -42,6 +42,7 @@ class ComposerStaticInitDontChange
         'PrivateBin\\Data\\Filesystem' => __DIR__ . '/../..' . '/lib/Data/Filesystem.php',
         'PrivateBin\\Filter' => __DIR__ . '/../..' . '/lib/Filter.php',
         'PrivateBin\\I18n' => __DIR__ . '/../..' . '/lib/I18n.php',
+        'PrivateBin\\Json' => __DIR__ . '/../..' . '/lib/Json.php',
         'PrivateBin\\Model' => __DIR__ . '/../..' . '/lib/Model.php',
         'PrivateBin\\Model\\AbstractModel' => __DIR__ . '/../..' . '/lib/Model/AbstractModel.php',
         'PrivateBin\\Model\\Comment' => __DIR__ . '/../..' . '/lib/Model/Comment.php',