
Merge 2.5.3 into master.

Conflicts:
	installation/CHANGELOG
2 parents dc7242a + 00d8ab3 commit ef9c0b1ff129a877c13691a5eec31e8b51cebe89 @realityking realityking committed Mar 15, 2012
@@ -0,0 +1 @@
+# Dummy SQL file to set schema version
@@ -0,0 +1 @@
+# Dummy SQL file to set schema version
@@ -0,0 +1 @@
+# Dummy SQL file to set schema version
@@ -6,7 +6,7 @@
<authorUrl>www.joomla.org</authorUrl>
<copyright>(C) 2005 - 2012 Open Source Matters. All rights reserved</copyright>
<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
- <version>2.5.2</version>
+ <version>2.5.3</version>
<creationDate>March 2012</creationDate>
<description>FILES_JOOMLA_XML_DESCRIPTION</description>
@@ -187,7 +187,7 @@ public function getData()
}
// Get the groups the user should be added to after registration.
- $this->data->groups = isset($this->data->groups) ? array_unique($this->data->groups) : array();
+ $this->data->groups = array();
// Get the default new user group, Registered if not specified.
$system = $params->get('new_usertype', 2);
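Review bot: The comment above the changed line still reads "Get the groups the user should be added to after registration", but the new line no longer reads anything; it unconditionally discards whatever `groups` value the data carried. Replace it with a comment that records the intent, e.g. `// Never trust groups supplied with the form data; membership is derived from the configured default group below.`, so a later cleanup does not restore the old `isset(...)` branch. If the same form data is bound to the user object elsewhere (not visible here), a submitted `groups` key should be dropped there as well. getData() starts and ends outside the hunk.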
@@ -181,8 +181,9 @@ $ -> Language fix or change
# [#27600] Editor-XTD buttons Issues in FireFox 9. Thanks Ofer.
# [#27853] error notice using search in joomla 2.5. Thanks Ofer.
--------------------- 2.5.2 Stable Release [05-Mar-2012] ------------------
+-------------------- 2.5.3 Stable Release [15-Mar-2012] ------------------
+-------------------- 2.5.2 Stable Release [05-Mar-2012] ------------------
-------------------- 2.5.1 Stable Release [02-Feb-2012] ------------------
@@ -584,7 +585,7 @@ $ -> Language fix or change
# [#27454] SQLQuery with function!
21-Dec-2011 Christophe Demko
- ^ [#27409] Remove unnecessary import calls and fix up docblocks (Rouven Weßling)
+ ^ [#27409] Remove unnecessary import calls and fix up docblocks (Rouven Weßling)
$ [#27417] Options have replaced preferences (Jean-Marie Simonet)
21-Dec-2011 Jean-Marie Simonet
@@ -536,7 +536,7 @@ INSERT INTO `#__extensions` (`extension_id`, `name`, `type`, `element`, `folder`
(601, 'English (United Kingdom)', 'language', 'en-GB', '', 1, 1, 1, 1, '', '', '', '', 0, '0000-00-00 00:00:00', 0, 0);
INSERT INTO `#__extensions` (`extension_id`, `name`, `type`, `element`, `folder`, `client_id`, `enabled`, `access`, `protected`, `manifest_cache`, `params`, `custom_data`, `system_data`, `checked_out`, `checked_out_time`, `ordering`, `state`) VALUES
-(700, 'Joomla! CMS', 'file', 'joomla', '', 0, 1, 1, 1, '{"legacy":false,"name":"files_joomla","type":"file","creationDate":"January 2012","author":"Joomla!","copyright":"(C) 2005 - 2012 Open Source Matters. All rights reserved","authorEmail":"admin@joomla.org","authorUrl":"www.joomla.org","version":"2.5.2","description":"FILES_JOOMLA_XML_DESCRIPTION","group":""}', '', '', '', 0, '0000-00-00 00:00:00', 0, 0);
+(700, 'Joomla! CMS', 'file', 'joomla', '', 0, 1, 1, 1, '{"legacy":false,"name":"files_joomla","type":"file","creationDate":"January 2012","author":"Joomla!","copyright":"(C) 2005 - 2012 Open Source Matters. All rights reserved","authorEmail":"admin@joomla.org","authorUrl":"www.joomla.org","version":"2.5.3","description":"FILES_JOOMLA_XML_DESCRIPTION","group":""}', '', '', '', 0, '0000-00-00 00:00:00', 0, 0);
INSERT INTO `#__extensions` (`extension_id`, `name`, `type`, `element`, `folder`, `client_id`, `enabled`, `access`, `protected`, `manifest_cache`, `params`, `custom_data`, `system_data`, `checked_out`, `checked_out_time`, `ordering`, `state`) VALUES
(800, 'joomla', 'package', 'pkg_joomla', '', 0, 1, 1, 1, '', '', '', '', 0, '0000-00-00 00:00:00', 0, 0);
@@ -23,7 +23,7 @@
public $RELEASE = '2.5';
/** @var string Maintenance version. */
- public $DEV_LEVEL = '2';
+ public $DEV_LEVEL = '3';
/** @var string Development STATUS. */
public $DEV_STATUS = 'Stable';
@@ -35,7 +35,7 @@
public $CODENAME = 'Ember';
/** @var string Release date. */
- public $RELDATE = '5-March-2012';
+ public $RELDATE = '15-March-2012';
/** @var string Release time. */
public $RELTIME = '14:00';
@@ -0,0 +1,151 @@
+<?php
+/**
+ * @package Joomla.Platform
+ * @subpackage Crypt
+ *
+ * @copyright Copyright (C) 2005 - 2011 Open Source Matters, Inc. All rights reserved.
+ * @license GNU General Public License version 2 or later; see LICENSE
+ */
+
+defined('JPATH_PLATFORM') or die;
+
+/**
+ * JCrypt is a Joomla Platform class for handling basic encryption/decryption of data.
+ *
+ * @package Joomla.Platform
+ * @subpackage Crypt
+ * @since 12.1
+ */
+class JCrypt
+{
+ /**
+ * Generate random bytes.
+ *
+ * @param integer $length Length of the random data to generate
+ *
+ * @return string Random binary data
+ *
+ * @since 12.1
+ */
+ function genRandomBytes($length = 16)
+ {
+ $sslStr = '';
+ /*
+ * if a secure randomness generator exists and we don't
+ * have a buggy PHP version use it.
+ */
+ if (
+ function_exists('openssl_random_pseudo_bytes')
+ && (version_compare(PHP_VERSION, '5.3.4') >= 0
+ || substr(PHP_OS, 0, 3) !== 'WIN'
+ )
+ )
+ {
+ $sslStr = openssl_random_pseudo_bytes($length, $strong);
+ if ($strong)
+ {
+ return $sslStr;
+ }
+ }
+
+ /*
+ * Collect any entropy available in the system along with a number
+ * of time measurements of operating system randomness.
+ */
+ $bitsPerRound = 2;
+ $maxTimeMicro = 400;
+ $shaHashLength = 20;
+ $randomStr = '';
+ $total = $length;
+
+ // Check if we can use /dev/urandom.
+ $urandom = false;
+ $handle = null;
+ if (function_exists('stream_set_read_buffer') && @is_readable('/dev/urandom'))
+ {
+ $handle = @fopen('/dev/urandom', 'rb');
+ if ($handle)
+ {
+ $urandom = true;
+ }
+ }
+
+ while ($length > strlen($randomStr))
+ {
+ $bytes = ($total > $shaHashLength)? $shaHashLength : $total;
+ $total -= $bytes;
+ /*
+ * Collect any entropy available from the PHP system and filesystem.
+ * If we have ssl data that isn't strong, we use it once.
+ */
+ $entropy = rand() . uniqid(mt_rand(), true) . $sslStr;
+ $entropy .= implode('', @fstat(fopen( __FILE__, 'r')));
+ $entropy .= memory_get_usage();
+ $sslStr = '';
+ if ($urandom)
+ {
+ stream_set_read_buffer($handle, 0);
+ $entropy .= @fread($handle, $bytes);
+ }
+ else
+ {
+ /*
+ * There is no external source of entropy so we repeat calls
+ * to mt_rand until we are assured there's real randomness in
+ * the result.
+ *
+ * Measure the time that the operations will take on average.
+ */
+ $samples = 3;
+ $duration = 0;
+ for ($pass = 0; $pass < $samples; ++$pass)
+ {
+ $microStart = microtime(true) * 1000000;
+ $hash = sha1(mt_rand(), true);
+ for ($count = 0; $count < 50; ++$count)
+ {
+ $hash = sha1($hash, true);
+ }
+ $microEnd = microtime(true) * 1000000;
+ $entropy .= $microStart . $microEnd;
+ if ($microStart > $microEnd) {
+ $microEnd += 1000000;
+ }
+ $duration += $microEnd - $microStart;
+ }
+ $duration = $duration / $samples;
+
+ /*
+ * Based on the average time, determine the total rounds so that
+ * the total running time is bounded to a reasonable number.
+ */
+ $rounds = (int)(($maxTimeMicro / $duration) * 50);
+
+ /*
+ * Take additional measurements. On average we can expect
+ * at least $bitsPerRound bits of entropy from each measurement.
+ */
+ $iter = $bytes * (int) ceil(8 / $bitsPerRound);
+ for ($pass = 0; $pass < $iter; ++$pass)
+ {
+ $microStart = microtime(true);
+ $hash = sha1(mt_rand(), true);
+ for ($count = 0; $count < $rounds; ++$count)
+ {
+ $hash = sha1($hash, true);
+ }
+ $entropy .= $microStart . microtime(true);
+ }
+ }
+
+ $randomStr .= sha1($entropy, true);
+ }
+
+ if ($urandom)
+ {
+ @fclose($handle);
+ }
+
+ return substr($randomStr, 0, $length);
+ }
+}
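Review bot: `genRandomBytes` is declared as an instance method with no visibility, yet the password hunk on this page calls it as `JCrypt::genRandomBytes($length + 1)`; declare it `public static function genRandomBytes($length = 16)` so the static call is valid instead of depending on PHP tolerating it (a strict-standards notice on PHP 5, an error on PHP 8). In the fallback loop, `@fstat(fopen( __FILE__, 'r'))` opens a new handle on every pass and never closes it; open the file once before the `while` and `fclose()` it next to the `/dev/urandom` handle. `$rounds = (int)(($maxTimeMicro / $duration) * 50);` divides by a measured average that may be zero where `microtime()` is coarse, so guard it with something like `$duration = max($duration, 1);`. The docblock should also say that when neither a strong OpenSSL result nor `/dev/urandom` is available, the output rests on `rand()`, `mt_rand()`, `uniqid()` and timing jitter only.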
@@ -0,0 +1 @@
+<!DOCTYPE html><title></title>
@@ -525,12 +525,22 @@ public static function getSalt($encryption = 'md5-hex', $seed = '', $plaintext =
public static function genRandomPassword($length = 8)
{
$salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
- $len = strlen($salt);
+ $base = strlen($salt);
$makepass = '';
- for ($i = 0; $i < $length; $i++)
+ /*
+ * Start with a cryptographic strength random string, then convert it to
+ * a string with the numeric base of the salt.
+ * Shift the base conversion on each character so the character
+ * distribution is even, and randomize the start shift so it's not
+ * predictable.
+ */
+ $random = JCrypt::genRandomBytes($length + 1);
+ $shift = ord($random[0]);
+ for ($i = 1; $i <= $length; ++$i)
{
- $makepass .= $salt[mt_rand(0, $len - 1)];
+ $makepass .= $salt[($shift + ord($random[$i])) % $base];
+ $shift += ord($random[$i]);
}
return $makepass;
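Review bot: The output is not as evenly distributed as the new comment claims: each character's index differs from the previous one by `ord($random[$i]) % $base`, and 256 is not a multiple of 62, so eight of the 62 offsets occur with probability 5/256 and the rest with 4/256. The running `$shift` smooths the marginal distribution but not the relation between neighbouring characters. Rejection sampling removes the bias: discard bytes at or above the largest multiple of `$base` that fits in a byte and draw more as needed, as sketched below. The function's closing brace lies outside the hunk.

```php
$makepass = '';
// Largest multiple of $base that fits in one byte (248 for base 62).
$limit = 256 - (256 % $base);
while (strlen($makepass) < $length)
{
	$random = JCrypt::genRandomBytes($length);
	for ($i = 0; $i < $length && strlen($makepass) < $length; ++$i)
	{
		$byte = ord($random[$i]);
		// Bytes >= $limit would favour the first characters of $salt.
		if ($byte < $limit)
		{
			$makepass .= $salt[$byte % $base];
		}
	}
}
// … unchanged: return $makepass …
```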
@@ -67,7 +67,7 @@ static function handleError(&$error)
{
$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
- $db->setQuery('select id from '.$db->quoteName('#__redirect_links')." where old_url='" . $db->quote($current) . "'");
+ $db->setQuery('SELECT id FROM ' . $db->quoteName('#__redirect_links') . ' WHERE old_url= ' . $db->quote($current));
$res = $db->loadResult();
if(!$res) {
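Review bot: The column name `old_url` is written bare while the table name goes through `$db->quoteName()`; for consistency use `' WHERE ' . $db->quoteName('old_url') . ' = ' . $db->quote($current)`. `$referer` is read straight from the `HTTP_REFERER` header two lines above and its use lies outside the hunk, so confirm it is also passed through `$db->quote()` before it reaches any query. handleError's body starts and ends outside the hunk.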
