PHP Fatal error : Uncaught exception 'Exception' with message 'There is no suitable CSPRNG installed on your system'

[estojeteamsys]

Hi everyone,

I just found this error after updating WP to 5.1, while trying to access wp-admin :

Fatal error: Uncaught exception 'Exception' with message 'There is no suitable CSPRNG installed on your system' in /wp-includes/random_compat/random.php:212 Stack trace:`
#0 /wp-includes/random_compat/random_int.php(156): random_bytes(1)
#1 /wp-content/plugins/qtranslate-xt/admin/qtx_update_gettext_db.php(30): random_int(7, 14)
#2 /wp-content/plugins/qtranslate-xt/admin/qtx_admin_utils.php(372): qtranxf_updateGettextDatabasesEx(false, '')
#3 /wp-content/plugins/qtranslate-xt/admin/qtx_admin.php(236): qtranxf_updateGettextDatabases()
#4 [internal function]: qtranxf_admin_init('')
#5 /wp-includes/class-wp-hook.php(286): call_user_func_array('qtranxf_admin_i...', Array)
#6 /wp-includes/class-wp-hook.php(310): WP_Hook->apply_filters('', Array)
#7 /wp-includes/plugin.php(465): WP_Hook->do_action(Arra in /wp-includes/random_compat/random.php on line 212

I'm using qtranslate-xt 3.5.3, and PHP version is 5.6.5 (which I can't change).

Any idea of a way to resolve this ?

Thanks :)

[herrvigg]

The problem is triggered by the call to random_int (NB: i edited your post to be able to read the stack trace). Not being able to use the random generator can be an issue for many things beyond qTranslate so it's more a problem with your server installation.

In qTranslate this qtranxf_updateGettextDatabasesEx is called because there's a feature in qTranslate that will automatically update your .mo files. In any case this feature should not be vital. As a workaround you can simply disable this for now. In options / advanced / Update Gettext Databases > Automatically check for .mo-Database Updates of installed languages. However as this even prevents to open the admin page you'd need another trick to disable this.

So if we look at the code there's a check on the date but... why on earth would we need a random number here?! It does not make any sense. Maybe we should simply put a constant value here.

	$next_update = get_option( 'qtranslate_next_update_mo' );
		if ( time() < $next_update && ! $force ) {
			return true;
		}
		$d = random_int( 7, 14 );  // <--- WHY A RANDOM DAY ?!
		update_option( 'qtranslate_next_update_mo', time() + $d * 24 * 60 * 60 );

Can you try just putting $d=7; ? It's the number of days until next check occurs.
(file: /wp-content/plugins/qtranslate-xt/admin/qtx_update_gettext_db.php(30))

[herrvigg]

Also to be noted random_int uses a cryptographically secure generator. So this could simply be changed to rand which is a more conventional random generator. We don't need any crypto here.

But still i'm wondering why a random day was used. Is it because it could fail some specific days? Anyway you would get an admin notice and then there's the "update now" feature.

Now i'm even wondering why there is this feature in qTranslate, shouldn't it be done by WP Core?

[majekw]

It looks like random_int was introduced in php 7.0, so for older installations it throws error.
But I wonder why it didn't show earlier as this randomness was in code since Jun of 2016?

[herrvigg]

It was done in 3.4.8 pre-release (see 695fcb3). It's from June 2016 but this version was never released officially in wordpress.org so it came only when i merged this and released the first qTranslate-XT as 3.5.0.

This checking period for gettext DB used to be 7 days but there is no related ticket or description in the release notes. The best is simply to revert this change, if we really need the random value we'll come back to it with rand.

[herrvigg]

Revert done in master, no more random_int so you won't have any CSPNRG issue with qTranslate-XT.