| #
61251093 |
| 07-Jul-2023 |
Tim Düsterhus |
Deprecate MT_RAND_PHP (#11560)
see https://wiki.php.net/rfc/deprecations_php_8_3#mt_rand_php
|
| #
7f0b228f |
| 28-Oct-2022 |
Tim Düsterhus |
Fix pre-PHP 8.2 compatibility for php_mt_rand_range() with MT_RAND_PHP (#9839)
* Fix pre-PHP 8.2 compatibility for php_mt_rand_range() with MT_RAND_PHP
As some left-over comments in
Fix pre-PHP 8.2 compatibility for php_mt_rand_range() with MT_RAND_PHP (#9839)
* Fix pre-PHP 8.2 compatibility for php_mt_rand_range() with MT_RAND_PHP
As some left-over comments indicated:
> Legacy mode deliberately not inside php_mt_rand_range()
> to prevent other functions being affected
The broken scaler was only used for `php_mt_rand_common()`, not
`php_mt_rand_range()`. The former is only used for `mt_rand()`, whereas the
latter is used for `array_rand()` and others.
With the refactoring for the introduction of ext/random `php_mt_rand_common()`
and `php_mt_rand_range()` were accidentally unified, thus introducing a
behavioral change that was reported in FakerPHP/Faker#528.
This commit moves the checks for `MT_RAND_PHP` from the general-purpose
`range()` function back into `php_mt_rand_common()` and also into
`Randomizer::getInt()` for drop-in compatibility with `mt_rand()`.
* [ci skip] NEWS for `MT_RAND_PHP` compatibility
show more ...
|
| #
ddf7a5d4 |
| 05-Sep-2022 |
Tim Düsterhus |
random: Validate that the arrays do not contain extra elements when unserializing (#9458)
* Apply `var_dump()` in 02_engine/all_serialize_error.phpt
This ensures that an undetected
random: Validate that the arrays do not contain extra elements when unserializing (#9458)
* Apply `var_dump()` in 02_engine/all_serialize_error.phpt
This ensures that an undetected serialization error is clear identifiable in the output.
* random: Validate that the arrays do not contain extra elements when unserializing
show more ...
|
|
Revision tags: php-8.2.0RC1, php-8.1.10, php-8.0.23 |
|
| #
adb45a63 |
| 30-Aug-2022 |
Máté Kocsis |
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
* Emit deprecation warnings when adding dynamic properties to classes during unserialization - this will become a
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
* Emit deprecation warnings when adding dynamic properties to classes during unserialization - this will become an Error in php 9.0.
(Adding dynamic properties in other contexts was already a deprecation warning - the use case of unserialization was overlooked)
* Throw an error when attempting to add a dynamic property to a `readonly` class when unserializing
* Add new serialization methods `__serialize`/`__unserialize` for SplFixedArray to avoid creating deprecated dynamic
properties that would then be added to the backing fixed-size array
* Don't add named dynamic/declared properties (e.g. $obj->foo) of SplFixedArray to the backing array when unserializing
* Update tests to declare properties or to expect the deprecation warning
* Add news entry
Co-authored-by: Tyson Andre <tysonandre775@hotmail.com>
show more ...
|
|
Revision tags: php-8.0.23RC1, php-8.1.10RC1, php-8.2.0beta3 |
|
| #
60ace13f |
| 03-Aug-2022 |
Tim Düsterhus |
Fix undefined behavior of MT_RAND_PHP if range exceeds ZEND_LONG_MAX (#9197)
RAND_RANGE_BADSCALING() invokes undefined behavior when (max - min) >
ZEND_LONG_MAX, because the intermediate
Fix undefined behavior of MT_RAND_PHP if range exceeds ZEND_LONG_MAX (#9197)
RAND_RANGE_BADSCALING() invokes undefined behavior when (max - min) >
ZEND_LONG_MAX, because the intermediate `double` might not fit into
`zend_long`.
Fix this by inlining a fixed version of the macro into Mt19937's range()
function. Fixing the macro itself cannot be done in the general case, because
the types of the inputs are not known. Instead of replacing one possibly broken
version with another possibly broken version, the macro is simply left as is
and should be removed in a future version.
The fix itself is simple: Instead of storing the "offset" in a `zend_long`, we
use a `zend_ulong` which is capable of storing the resulting double by
construction. With this fix the implementation of this broken scaling is
effectively identical to the implementation of php_random_range from a data
type perspective, making it easy to verify the correctness.
It was further empirically verified that the broken macro and the fix return
the same results for all possible values of `r` for several distinct pairs of
(min, max).
Fixes GH-9190
Fixes GH-9191
show more ...
|
| #
3331832b |
| 02-Aug-2022 |
Tim Düsterhus |
Add ext/random Exception hierarchy (#9220)
* Add Random\Random{Error,Exception} and Random\BrokenRandomEngineError
* Throw BrokenRandomEngineError
* Throw RandomException o
Add ext/random Exception hierarchy (#9220)
* Add Random\Random{Error,Exception} and Random\BrokenRandomEngineError
* Throw BrokenRandomEngineError
* Throw RandomException on seeding failure
* Throw RandomException when CSPRNG fails
* Remove unused include from ext/random/engine_combinedlcg.c
* Remove unused include from ext/random/engine_secure.c
* Remove unused include from ext/random/random.c
* [ci skip] Add ext/random Exception hierarchy to NEWS
* [ci skip] Add the change of Exception for random_(int|bytes) to UPGRADING
show more ...
|
| #
54e406cc |
| 02-Aug-2022 |
Tim Düsterhus |
Clean up nested exceptions without value-add in ext/random (#9211)
* Remove exception in Randomizer::shuffleBytes()
The only way that `php_binary_string_shuffle` fails is when the e
Clean up nested exceptions without value-add in ext/random (#9211)
* Remove exception in Randomizer::shuffleBytes()
The only way that `php_binary_string_shuffle` fails is when the engine itself
fails. With the currently available list of engines we have:
- Mt19937 : Infallible.
- PcgOneseq128XslRr64: Infallible.
- Xoshiro256StarStar : Infallible.
- Secure : Practically infallible on modern systems.
Exception messages were cleaned up in GH-9169.
- User : Error when returning an empty string.
Error when seriously biased (range() fails).
And whatever Throwable the userland developer decides to use.
So the existing engines are either infallible or throw an Exception/Error with
a high quality message themselves, making this exception not a value-add and
possibly confusing.
* Remove exception in Randomizer::shuffleArray()
Same reasoning as in the previous commit applies.
* Remove exception in Randomizer::getInt()
Same reasoning as in the previous commit applies.
* Remove exception in Randomizer::nextInt()
Same reasoning as in the previous commit applies, except that it won't throw on
a seriously biased user engine, as `range()` is not used.
* Remove exception in Randomizer::getBytes()
Same reasoning as in the previous commit applies.
* Remove exception in Mt19937::generate()
This implementation is shared across all native engines. Thus the same
reasoning as the previous commits applies, except that the User engine does not
use this method. Thus is only applicable to the Secure engine, which is the
only fallible native engine.
* [ci skip] Add cleanup of Randomizer exceptions to NEWS
show more ...
|
|
Revision tags: php-8.2.0beta2, php-8.1.9, php-8.0.22 |
|
| #
c63f18dd |
| 02-Aug-2022 |
Tim Düsterhus |
Unify ext/random unserialize errors with ext/date (#9185)
* Unify ext/random unserialize errors with ext/date
- Use `Error` instead of `Exception`.
- Adjust wording.
*
Unify ext/random unserialize errors with ext/date (#9185)
* Unify ext/random unserialize errors with ext/date
- Use `Error` instead of `Exception`.
- Adjust wording.
* Make `zend_read_property` silent in `Randomizer::__unserialize()`
Having:
> Error: Typed property Random\Randomizer::$engine must not be accessed before
> initialization
is not a value-add in this case.
* Insert the actual class name in the unserialization error of Engines
* Revert unserialization failure back to Exception from Error
see https://news-web.php.net/php.internals/118311
show more ...
|
| #
53ca24d4 |
| 31-Jul-2022 |
Tim Düsterhus |
Improve phrasing in argument value errors in ext/random (#9206)
This rephrases the error message for argument errors to be a proper English
sentence.
Co-authored-by: Máté Kocsis
Improve phrasing in argument value errors in ext/random (#9206)
This rephrases the error message for argument errors to be a proper English
sentence.
Co-authored-by: Máté Kocsis <kocsismate@woohoolabs.com>
show more ...
|
| #
5aca25a1 |
| 30-Jul-2022 |
Tim Düsterhus |
[ci skip] Improve error message of an engine fails to seed from the CSPRNG (#9160)
|
| #
d058acb4 |
| 27-Jul-2022 |
Tim Düsterhus |
Use ValueError if an invalid mode is passed to Mt19937 (#9159)
|
| #
5c693c77 |
| 26-Jul-2022 |
Tim Düsterhus |
Remove `->last_unsafe` from php_random_status (#9132)
Whenever ->last_unsafe is set to `true` an exception has been thrown. Thus we
can replace the check for `->last_unsafe` with a check
Remove `->last_unsafe` from php_random_status (#9132)
Whenever ->last_unsafe is set to `true` an exception has been thrown. Thus we
can replace the check for `->last_unsafe` with a check for `EG(exception)`
which is a much more natural way to ommunicate an error up the chain.
show more ...
|
| #
e4c89498 |
| 21-Jul-2022 |
Go Kudo |
[ci skip] Update EXTENSIONS and Author(s) in ext/random (#9074)
php.net account is better suited for this cases.
|
|
Revision tags: php-8.1.9RC1, php-8.2.0beta1, php-8.0.22RC1 |
|
| #
4d8dd8d2 |
| 19-Jul-2022 |
Go Kudo |
Implement Random Extension
https://wiki.php.net/rfc/rng_extension
https://wiki.php.net/rfc/random_extension_improvement
|
