authorTobias Schultze <webmaster@tubo-world.de>2015-10-29 13:12:54 +0100
committerTobias Schultze <webmaster@tubo-world.de>2015-10-29 13:12:54 +0100
commitf77c39f9f724d776f97bb8187173e0815271e55b (patch)
tree365253b833e06a31e20f00722db369c1e3343d73
parentfe0053f6ff87a470547a1898b9bf36a32e73ae7e (diff)
parent7c51b1c6f08ea0bfd4a44e8d0f202c6423a39587 (diff)
Merge branch '2.8'
Conflicts: CHANGELOG-2.3.md CHANGELOG-2.7.md composer.json src/Symfony/Bridge/Twig/composer.json src/Symfony/Bundle/FrameworkBundle/composer.json src/Symfony/Bundle/SecurityBundle/composer.json src/Symfony/Component/Console/Tests/Helper/LegacyProgressHelperTest.php src/Symfony/Component/Console/Tests/Helper/LegacyTableHelperTest.php src/Symfony/Component/Console/composer.json src/Symfony/Component/DomCrawler/composer.json src/Symfony/Component/Form/Tests/FormRegistryTest.php src/Symfony/Component/Form/composer.json src/Symfony/Component/HttpFoundation/composer.json src/Symfony/Component/HttpKernel/Tests/Profiler/MongoDbProfilerStorageTest.php src/Symfony/Component/Intl/composer.json src/Symfony/Component/Ldap/composer.json src/Symfony/Component/Security/Core/composer.json src/Symfony/Component/Security/Csrf/composer.json src/Symfony/Component/Security/Http/composer.json src/Symfony/Component/Security/composer.json src/Symfony/Component/Serializer/Encoder/JsonEncoder.php src/Symfony/Component/Serializer/composer.json src/Symfony/Component/Templating/PhpEngine.php src/Symfony/Component/Translation/composer.json src/Symfony/Component/VarDumper/Tests/HtmlDumperTest.php src/Symfony/Component/VarDumper/composer.json
-rw-r--r--Core/Encoder/BasePasswordEncoder.php4
-rw-r--r--Core/Tests/Util/StringUtilsTest.php2
-rw-r--r--Core/Util/StringUtils.php39
-rw-r--r--Core/composer.json7
-rw-r--r--Csrf/CsrfTokenManager.php3
-rw-r--r--Csrf/composer.json5
-rw-r--r--Http/RememberMe/TokenBasedRememberMeServices.php3
-rw-r--r--Http/composer.json5
-rw-r--r--composer.json7
9 files changed, 29 insertions, 46 deletions
diff --git a/Core/Encoder/BasePasswordEncoder.php b/Core/Encoder/BasePasswordEncoder.php
index 1c9ada1..12126d8 100644
--- a/Core/Encoder/BasePasswordEncoder.php
+++ b/Core/Encoder/BasePasswordEncoder.php
@@ -11,8 +11,6 @@
namespace Symfony\Component\Security\Core\Encoder;
-use Symfony\Component\Security\Core\Util\StringUtils;
-
/**
* BasePasswordEncoder is the base class for all password encoders.
*
@@ -83,7 +81,7 @@ abstract class BasePasswordEncoder implements PasswordEncoderInterface
*/
protected function comparePasswords($password1, $password2)
{
- return StringUtils::equals($password1, $password2);
+ return hash_equals($password1, $password2);
}
/**
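Review bot: `hash_equals()` does not coerce its arguments, while the helper it replaces in `comparePasswords()` did; the `StringUtils::equals()` context later in this diff still shows `$userInput = (string) $userInput;` ahead of the comparison. With the direct call, a non-string argument (for example a null stored password) produces a warning and a false result instead of being compared as a string. If callers can pass such values, keep the cast: `return hash_equals((string) $password1, (string) $password2);`. The same applies to the `hash_equals()` calls introduced in `Csrf/CsrfTokenManager.php` and `Http/RememberMe/TokenBasedRememberMeServices.php`, where `$token->getValue()` and `$hash` appear to come from request data.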
diff --git a/Core/Tests/Util/StringUtilsTest.php b/Core/Tests/Util/StringUtilsTest.php
index faeaf25..78d9b05 100644
--- a/Core/Tests/Util/StringUtilsTest.php
+++ b/Core/Tests/Util/StringUtilsTest.php
@@ -15,6 +15,8 @@ use Symfony\Component\Security\Core\Util\StringUtils;
/**
* Data from PHP.net's hash_equals tests.
+ *
+ * @group legacy
*/
class StringUtilsTest extends \PHPUnit_Framework_TestCase
{
diff --git a/Core/Util/StringUtils.php b/Core/Util/StringUtils.php
index 343585c..5900812 100644
--- a/Core/Util/StringUtils.php
+++ b/Core/Util/StringUtils.php
@@ -11,10 +11,16 @@
namespace Symfony\Component\Security\Core\Util;
+@trigger_error('The '.__NAMESPACE__.'\\StringUtils class is deprecated since version 2.8 and will be removed in 3.0. Use hash_equals() instead.', E_USER_DEPRECATED);
+
+use Symfony\Component\Polyfill\Util\Binary;
+
/**
* String utility functions.
*
* @author Fabien Potencier <fabien@symfony.com>
+ *
+ * @deprecated since 2.8, to be removed in 3.0.
*/
class StringUtils
{
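Review bot: The `@deprecated` tag added to the class docblock does not name the replacement, although the runtime notice a few lines above does. Consider `@deprecated since 2.8, to be removed in 3.0. Use hash_equals() instead.` so that IDEs and static analysers show the migration path. The `@trigger_error(...)` statement also sits between `namespace` and the `use` import; PHP accepts that, but keeping imports directly under `namespace` and the notice after them is the more conventional layout. The class body continues outside this hunk.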
@@ -47,25 +53,7 @@ class StringUtils
$userInput = (string) $userInput;
}
- if (function_exists('hash_equals')) {
- return hash_equals($knownString, $userInput);
- }
-
- $knownLen = self::safeStrlen($knownString);
- $userLen = self::safeStrlen($userInput);
-
- if ($userLen !== $knownLen) {
- return false;
- }
-
- $result = 0;
-
- for ($i = 0; $i < $knownLen; ++$i) {
- $result |= (ord($knownString[$i]) ^ ord($userInput[$i]));
- }
-
- // They are only identical strings if $result is exactly 0...
- return 0 === $result;
+ return hash_equals($knownString, $userInput);
}
/**
@@ -77,17 +65,6 @@ class StringUtils
*/
public static function safeStrlen($string)
{
- // Premature optimization
- // Since this cannot be changed at runtime, we can cache it
- static $funcExists = null;
- if (null === $funcExists) {
- $funcExists = function_exists('mb_strlen');
- }
-
- if ($funcExists) {
- return mb_strlen($string, '8bit');
- }
-
- return strlen($string);
+ return Binary::strlen($string);
}
}
diff --git a/Core/composer.json b/Core/composer.json
index bc14d0a..28230f0 100644
--- a/Core/composer.json
+++ b/Core/composer.json
@@ -17,15 +17,18 @@
],
"require": {
"php": ">=5.5.9",
- "paragonie/random_compat": "~1.0"
+ "symfony/polyfill-php55": "~1.0",
+ "symfony/polyfill-php56": "~1.0",
+ "symfony/polyfill-php70": "~1.0",
+ "symfony/polyfill-util": "~1.0"
},
"require-dev": {
"symfony/event-dispatcher": "~2.8|~3.0",
"symfony/expression-language": "~2.8|~3.0",
"symfony/http-foundation": "~2.8|~3.0",
+ "symfony/ldap": "~2.8|~3.0",
"symfony/translation": "~2.8|~3.0",
"symfony/validator": "~2.8|~3.0",
- "symfony/ldap": "~2.8|~3.0",
"psr/log": "~1.0"
},
"suggest": {
diff --git a/Csrf/CsrfTokenManager.php b/Csrf/CsrfTokenManager.php
index e129502..cdda543 100644
--- a/Csrf/CsrfTokenManager.php
+++ b/Csrf/CsrfTokenManager.php
@@ -11,7 +11,6 @@
namespace Symfony\Component\Security\Csrf;
-use Symfony\Component\Security\Core\Util\StringUtils;
use Symfony\Component\Security\Csrf\TokenGenerator\UriSafeTokenGenerator;
use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface;
use Symfony\Component\Security\Csrf\TokenStorage\NativeSessionTokenStorage;
@@ -92,6 +91,6 @@ class CsrfTokenManager implements CsrfTokenManagerInterface
return false;
}
- return StringUtils::equals($this->storage->getToken($token->getId()), $token->getValue());
+ return hash_equals($this->storage->getToken($token->getId()), $token->getValue());
}
}
diff --git a/Csrf/composer.json b/Csrf/composer.json
index 7366b02..376db29 100644
--- a/Csrf/composer.json
+++ b/Csrf/composer.json
@@ -17,8 +17,9 @@
],
"require": {
"php": ">=5.5.9",
- "symfony/security-core": "~2.8|~3.0",
- "paragonie/random_compat": "~1.0"
+ "symfony/polyfill-php56": "~1.0",
+ "symfony/polyfill-php70": "~1.0",
+ "symfony/security-core": "~2.8|~3.0"
},
"require-dev": {
"symfony/http-foundation": "~2.8|~3.0"
diff --git a/Http/RememberMe/TokenBasedRememberMeServices.php b/Http/RememberMe/TokenBasedRememberMeServices.php
index f6107ec..a443702 100644
--- a/Http/RememberMe/TokenBasedRememberMeServices.php
+++ b/Http/RememberMe/TokenBasedRememberMeServices.php
@@ -17,7 +17,6 @@ use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
-use Symfony\Component\Security\Core\Util\StringUtils;
/**
* Concrete implementation of the RememberMeServicesInterface providing
@@ -54,7 +53,7 @@ class TokenBasedRememberMeServices extends AbstractRememberMeServices
throw new \RuntimeException(sprintf('The UserProviderInterface implementation must return an instance of UserInterface, but returned "%s".', get_class($user)));
}
- if (true !== StringUtils::equals($this->generateCookieHash($class, $username, $expires, $user->getPassword()), $hash)) {
+ if (true !== hash_equals($this->generateCookieHash($class, $username, $expires, $user->getPassword()), $hash)) {
throw new AuthenticationException('The cookie\'s hash is invalid.');
}
diff --git a/Http/composer.json b/Http/composer.json
index b7fe686..3fad2bb 100644
--- a/Http/composer.json
+++ b/Http/composer.json
@@ -21,8 +21,9 @@
"symfony/event-dispatcher": "~2.8|~3.0",
"symfony/http-foundation": "~2.8|~3.0",
"symfony/http-kernel": "~2.8|~3.0",
- "symfony/property-access": "~2.8|~3.0",
- "paragonie/random_compat": "~1.0"
+ "symfony/polyfill-php56": "~1.0",
+ "symfony/polyfill-php70": "~1.0",
+ "symfony/property-access": "~2.8|~3.0"
},
"require-dev": {
"symfony/routing": "~2.8|~3.0",
diff --git a/composer.json b/composer.json
index 3f317fe..a6039e3 100644
--- a/composer.json
+++ b/composer.json
@@ -20,8 +20,11 @@
"symfony/event-dispatcher": "~2.8|~3.0",
"symfony/http-foundation": "~2.8|~3.0",
"symfony/http-kernel": "~2.8|~3.0",
+ "symfony/polyfill-php55": "~1.0",
+ "symfony/polyfill-php56": "~1.0",
+ "symfony/polyfill-php70": "~1.0",
+ "symfony/polyfill-util": "~1.0",
"symfony/property-access": "~2.8|~3.0",
- "paragonie/random_compat": "~1.0"
},
"replace": {
"symfony/security-core": "self.version",
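Review bot: The new side of this hunk leaves a trailing comma in `require`: `"symfony/property-access": "~2.8|~3.0",` is now the last entry before `},` because the `paragonie/random_compat` line that followed it was removed. Strict JSON does not allow that, so Composer would presumably fail to parse the manifest. Drop the comma, `"symfony/property-access": "~2.8|~3.0"`, as the `Http/composer.json` hunk does for the same removal. Since `composer.json` is listed under Conflicts in the commit message, this looks like a leftover from the merge resolution.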
@@ -31,7 +34,7 @@
},
"require-dev": {
"symfony/finder": "~2.8|~3.0",
- "symfony/intl": "~2.8|~3.0",
+ "symfony/polyfill-intl-icu": "~1.0",
"symfony/routing": "~2.8|~3.0",
"symfony/translation": "~2.8|~3.0",
"symfony/validator": "~2.8|~3.0",