From e4f53494020b364e133437f1985a1a193f720e9f Mon Sep 17 00:00:00 2001 From: Platonides Date: Mon, 2 Apr 2012 17:17:09 +0200 Subject: [PATCH] Improve MWCryptRand comments a bit. Change-Id: Id9e3818f38927079d703913c894f26a3ce9a0895 --- includes/CryptRand.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/includes/CryptRand.php b/includes/CryptRand.php index 89940822ba..95905fb617 100644 --- a/includes/CryptRand.php +++ b/includes/CryptRand.php @@ -54,7 +54,7 @@ class MWCryptRand { // It'll also vary slightly across different machines $state = serialize( $_SERVER ); - // To try and vary the system information of the state a bit more + // To try vary the system information of the state a bit more // by including the system's hostname into the state $state .= wfHostname(); @@ -72,10 +72,13 @@ class MWCryptRand { $files[] = dirname( dirname( __FILE__ ) ); // The config file is likely the most often edited file we know should be around - // so if the constant with it's location is defined include it's stat info into the state + // so include its stat info into the state. + // The constant with its location will almost always be defined, as WebStart.php defines + // MW_CONFIG_FILE to $IP/LocalSettings.php unless being configured with MW_CONFIG_CALLBACK (eg. the installer) if ( defined( 'MW_CONFIG_FILE' ) ) { $files[] = MW_CONFIG_FILE; } + foreach ( $files as $file ) { wfSuppressWarnings(); $stat = stat( $file ); @@ -281,7 +284,7 @@ class MWCryptRand { if ( strlen( $buffer ) < $bytes ) { // If available make use of mcrypt_create_iv URANDOM source to generate randomness // On unix-like systems this reads from /dev/urandom but does it without any buffering - // and bypasses openbasdir restrictions so it's preferable to reading directly + // and bypasses openbasedir restrictions, so it's preferable to reading directly // On Windows starting in PHP 5.3.0 Windows' native CryptGenRandom is used to generate // entropy so this is also preferable to just trying to read urandom because it may work // on Windows systems as well. @@ -300,9 +303,10 @@ class MWCryptRand { } if ( strlen( $buffer ) < $bytes ) { - // If available make use of openssl's random_pesudo_bytes method to attempt to generate randomness. + // If available make use of openssl's random_pseudo_bytes method to attempt to generate randomness. // However don't do this on Windows with PHP < 5.3.4 due to a bug: // http://stackoverflow.com/questions/1940168/openssl-random-pseudo-bytes-is-slow-php + // http://git.php.net/?p=php-src.git;a=commitdiff;h=cd62a70863c261b07f6dadedad9464f7e213cad5 if ( function_exists( 'openssl_random_pseudo_bytes' ) && ( !wfIsWindows() || version_compare( PHP_VERSION, '5.3.4', '>=' ) ) ) { -- 2.20.1