Add some more missing limit parameters to explode() calls

[lhc/web/wiklou.git] / includes / session / Session.php

diff --git a/includes/session/Session.php b/includes/session/Session.php
index 23d9ab3..328958c 100644 (file)
--- a/includes/session/Session.php
+++ b/includes/session/Session.php
@@ -291,7 +291,7 @@ final class Session implements \Countable, \Iterator, \ArrayAccess {
        /**
         * Fetch a value from the session
         * @param string|int $key
-        * @param mixed $default Returned if $this->exists( $key ) would be false
+        * @param mixed|null $default Returned if $this->exists( $key ) would be false
         * @return mixed
         */
        public function get( $key, $default = null ) {
@@ -481,7 +481,7 @@ final class Session implements \Countable, \Iterator, \ArrayAccess {
 
                // Encrypt
                // @todo: import a pure-PHP library for AES instead of doing $wgSessionInsecureSecrets
-               $iv = \MWCryptRand::generate( 16, true );
+               $iv = random_bytes( 16 );
                $algorithm = self::getEncryptionAlgorithm();
                switch ( $algorithm[0] ) {
                        case 'openssl':
@@ -522,7 +522,7 @@ final class Session implements \Countable, \Iterator, \ArrayAccess {
        /**
         * Fetch a value from the session that was set with self::setSecret()
         * @param string|int $key
-        * @param mixed $default Returned if $this->exists( $key ) would be false or decryption fails
+        * @param mixed|null $default Returned if $this->exists( $key ) would be false or decryption fails
         * @return mixed
         */
        public function getSecret( $key, $default = null ) {
@@ -537,7 +537,7 @@ final class Session implements \Countable, \Iterator, \ArrayAccess {
                // Extension::OATHAuth.
 
                // Unseal and check
-               $pieces = explode( '.', $encrypted );
+               $pieces = explode( '.', $encrypted, 4 );
                if ( count( $pieces ) !== 3 ) {
                        $ex = new \Exception( 'Invalid sealed-secret format' );
                        $this->logger->warning( $ex->getMessage(), [ 'exception' => $ex ] );
@@ -621,31 +621,37 @@ final class Session implements \Countable, \Iterator, \ArrayAccess {
         * @{
         */
 
+       /** @inheritDoc */
        public function count() {
                $data = &$this->backend->getData();
                return count( $data );
        }
 
+       /** @inheritDoc */
        public function current() {
                $data = &$this->backend->getData();
                return current( $data );
        }
 
+       /** @inheritDoc */
        public function key() {
                $data = &$this->backend->getData();
                return key( $data );
        }
 
+       /** @inheritDoc */
        public function next() {
                $data = &$this->backend->getData();
                next( $data );
        }
 
+       /** @inheritDoc */
        public function rewind() {
                $data = &$this->backend->getData();
                reset( $data );
        }
 
+       /** @inheritDoc */
        public function valid() {
                $data = &$this->backend->getData();
                return key( $data ) !== null;
@@ -678,10 +684,12 @@ final class Session implements \Countable, \Iterator, \ArrayAccess {
                return $data[$offset];
        }
 
+       /** @inheritDoc */
        public function offsetSet( $offset, $value ) {
                $this->set( $offset, $value );
        }
 
+       /** @inheritDoc */
        public function offsetUnset( $offset ) {
                $this->remove( $offset );
        }