diff --git a/docs/changelog.md b/docs/changelog.md index 919edaa..ed325e9 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -1,6 +1,163 @@ xmf ChangeLog ============= +Nov 20, 2023 v1.2.29 +------------------ +* add Random::generateSecureRandomBytes() +* replace random_bytes() with generateSecureRandomBytes() for PHP 5.6 + + +Oct 30, 2023 v1.2.28 +------------------ +* Updates to library dependencies +* PHP 8.0 Error Suppression operator issues +* Handle case of no permissionHandler found +* Adds ULID support +* cosmetic and code improvements + +Mar 19, 2023 v1.2.27 +------------------ +* Update to firebase/php-jwt 6.0.0 + +Apr 16, 2022 v1.2.26 +------------------ +* Add Xmf\Module\Helper\Permission::getItemIds($gperm_name, $gperm_groupid) +* Use new module version in XoopsCore25 +* Fix issues in Xmf\Database\Tables and Xmf\Database\Migrate +* Fix some issues related to new PHP versions + +May 7, 2021 v1.2.25 +------------------ +* add \Xmf\Module\Admin::renderNavigation() method + +Mar 25, 2021 v1.2.24 +------------------ +* Fixes for PHP 5.3 compatibility + +Feb 15, 2021 v1.2.23 +------------------ +* Additional fix in Debug for Kint 3.3 + +Feb 13, 2021 v1.2.22 +------------------ +* fixes in Debug for Kint 3.3 + +Feb 13, 2021 v1.2.21 +------------------ +* Library updates +* XOOPS standardization +* Minor code cleanups + +Aug 18, 2020 v1.2.20 +------------------ +* \Xmf\Module\Helper\AbstractHelper::serializeForHelperLog() fix logging of a resource type +* Unit test updates for latest version of Webmozart\Assert + +Feb 13, 2020 v1.2.19 +------------------ +* \Xmf\Yaml::read() eliminate PHP warning if specified file does not exist. + +Dec 1, 2019 v1.2.18 +------------------ +* PHP 7.4 ready +* fix error in Database\Table::loadTableFromYamlFile() +* add Uuid::packAsBinary() and Uuid::unpackBinary() methods +* add Module/Helper/GenericHelper::uploadPath() and uploadUrl() methods +* add proxy support in IPAddress::fromRequest(); + +Mar 27, 2019 v1.2.17 +------------------ +- Docblock corrections + +Nov 29, 2018 v1.2.16 +------------------ +- Fix database column quoting + +Oct 1, 2018 v1.2.15 +------------------ +- Fix database column quoting for prefix indexes +- Add dirname() method to helper classes +- Changes Request::hasVar() default for $hash to 'default' + +Mar 30, 2018 v1.2.14 +------------------ +- add serialization to non-scalar log data +- improved handling of custom key storage +- add some unit testing +- add roave/security-advisories requirement to catch security issues at build time +- Synchronization with XoopsCore + +Nov 12, 2017 v1.2.12 +------------------ +- updates the supporting Kint library to version 2.2. + +Nov 12, 2017 v1.2.11 +------------------ +- adds support for UUID generation using the Xmf\Uuid class. + +Jul 24, 2017 v1.2.10 +------------------ +- fixes issues in Xmf\Random appearing under PHP 7.1. Xmf\Random will now avoid the mcrypt extension if at all possible, and use the native random_bytes() function in PHP 7+. + +May 19, 2017 v1.2.9 +------------------ +- fixes issues in Xmf\Highlighter and Xmf\Metagen + +May 7, 2017 v1.2.8 +------------------ +- add a missing option in \Xmf\Module\Helper\Permission::checkPermission() + +Apr 29, 2017 v1.2.7 +------------------ +- fixes issue with Xmf\Metagen::generateSeoTitle + +Apr 18, 2017 v1.2.6 +------------------ +- fixes issues with Xmf\Request::MASK_ALLOW_HTML + +Apr 3, 2017 v1.2.5 +------------------ +- updates to kint-php/kint + +Mar 6, 2017 v1.2.4 +------------------ +- adds Xmf\Assert + +Mar 3, 2017 v1.2.3 +------------------ +- synchronizes some minor docblock changes + +Feb 25, 2017 v1.2.2 +------------------ +- corrects issues with Yaml:readWrapped() + +Nov 2, 2016 v1.2.0 +------------------ +- Separates the stop word logic from MetaGen into a new StopWords class +- Deprecates MetaGen::checkStopWords() + +Sep 11, 2016 v1.1.4 +------------------ +- #17 Handle non-ascii text in Metagen::generateKeywords() + +Aug 13, 2016 v1.1.3 +------------------ +- Fix #15 XoopsRequest class not found in StripSlashesRecursive method + +Aug 6, 2016 v1.1.2 +------------------ +- Fix #13 Can't check isUserAdmin on Anonymous + +Jul 28, 2016 v1.1.1 +------------------ +- firebase/php-jwt to 4.0.0 +- Bump min PHP to 5.3.9 to allow symfony/yaml 2.8.* + +Jul 14, 2016 v1.1.0 +------------------ +- Add Xmf\Database\Migrate class to provide schema synchronization capabilities for modules. +- Bug fixes in Xmf\Database\Tables including option to disable automatic quoting of values in update() and insert() to support using column functions instead of only scalars + 01-Jun-2016 V1.0.2 ------------------ - fix issues with file name validation in Xmf\Language::loadFile() diff --git a/src/Random.php b/src/Random.php index 1c5913d..c46c658 100644 --- a/src/Random.php +++ b/src/Random.php @@ -101,4 +101,20 @@ public static function generateKey($hash = 'sha512', $bytes = 128) $token = hash($hash, $randomData); return $token; } + + public static function generateSecureRandomBytes($length) { + if (function_exists('random_bytes')) { + return random_bytes($length); + } elseif (function_exists('openssl_random_pseudo_bytes')) { + return openssl_random_pseudo_bytes($length); + } else { + // Fallback to less secure random generation using mt_rand() + $randomString = ''; + for ($i = 0; $i < $length; $i++) { + $randomString .= chr(mt_rand(0, 255)); + } + return $randomString; + } + } + } diff --git a/src/Ulid.php b/src/Ulid.php index 887119f..bb61d27 100644 --- a/src/Ulid.php +++ b/src/Ulid.php @@ -62,7 +62,7 @@ public static function encodeTime(int $time): string public static function encodeRandomness(): string { $encodingCharsArray = str_split(self::ENCODING_CHARS); - $randomBytes = \random_bytes(10); // 80 bits + $randomBytes = Random::generateSecureRandomBytess(10); // 80 bits // Check if the random bytes were generated successfully. if (false === $randomBytes) { throw new \RuntimeException('Failed to generate random bytes'); diff --git a/src/Uuid.php b/src/Uuid.php index c90f444..c4e09d6 100644 --- a/src/Uuid.php +++ b/src/Uuid.php @@ -36,7 +36,7 @@ class Uuid */ public static function generate() { - $data = random_bytes(16); + $data = Random::generateSecureRandomBytes(16); $data[6] = chr(ord($data[6]) & 0x0f | 0x40); // set version to 0100 $data[8] = chr(ord($data[8]) & 0x3f | 0x80); // set bits 6-7 to 10