From 8901e7c1255df3766ccb97d1fa04b3e182b14a70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Sessing=C3=B8?=
Date: Tue, 9 May 2017 02:49:41 +0200
Subject: [PATCH] Development - Added check in `CsrfToken` class to ensure that IV generation is strong and secure. - Minor optimisations mostly related to PHPDocs and PHPStorm code-inspection.
---
 src/Pecee/CsrfToken.php | 10 +++++++++-
 src/Pecee/Http/Input/Input.php | 2 +-
 src/Pecee/SimpleRouter/Route/RouteController.php | 2 +-
 src/Pecee/SimpleRouter/Route/RouteResource.php | 2 +-
 src/Pecee/SimpleRouter/SimpleRouter.php | 12 ++++++++----
 5 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/src/Pecee/CsrfToken.php b/src/Pecee/CsrfToken.php
index d161974..6080827 100644
--- a/src/Pecee/CsrfToken.php
+++ b/src/Pecee/CsrfToken.php
@@ -10,6 +10,7 @@ class CsrfToken
 /**
 * Generate random identifier for CSRF token
 *
+ * @throws \RuntimeException
 * @return string
 */
 public static function generateToken()
@@ -18,7 +19,14 @@ class CsrfToken
 return bin2hex(random_bytes(32));
 }
- return bin2hex(openssl_random_pseudo_bytes(32));
+ $isSourceStrong = false;
+
+ $random = openssl_random_pseudo_bytes(32, $isSourceStrong);
+ if ($isSourceStrong === false || $random === false) {
+ throw new \RuntimeException('IV generation failed');
+ }
+
+ return $random;
 }
 /**
diff --git a/src/Pecee/Http/Input/Input.php b/src/Pecee/Http/Input/Input.php
index 57825fd..c3732dd 100644
--- a/src/Pecee/Http/Input/Input.php
+++ b/src/Pecee/Http/Input/Input.php
@@ -60,7 +60,7 @@ class Input
 {
 $list = [];
- foreach ($_FILES as $key => $value) {
+ foreach ((array)$_FILES as $key => $value) {
 // Handle array input
 if (is_array($value['name']) === false) {
diff --git a/src/Pecee/SimpleRouter/Route/RouteController.php b/src/Pecee/SimpleRouter/Route/RouteController.php
index 2347d2c..6ef22e8 100644
--- a/src/Pecee/SimpleRouter/Route/RouteController.php
+++ b/src/Pecee/SimpleRouter/Route/RouteController.php
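Review bot: In `src/Pecee/CsrfToken.php`, the rewritten fallback in `generateToken()` ends with `return $random;`, so it returns 32 raw bytes where the removed line and the `random_bytes` branch above it return a 64-character hex string. A raw binary token is unlikely to survive being written into a cookie or a hidden form field intact, so installations that take this path would presumably fail every CSRF comparison; the last added line should be `return bin2hex($random);`. The exception text `'IV generation failed'` also names an IV although the value is a CSRF token, so something like `'CSRF token generation failed: no strong random source'` would be clearer in logs. The function body starts above the hunk, so the condition guarding the first branch is not visible here.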
@@ -66,7 +66,7 @@ class RouteController extends LoadableRoute implements IControllerRoute
 foreach (static::$requestTypes as $requestType) {
 if (stripos($method, $requestType) === 0) {
- $method = substr($method, strlen($requestType));
+ $method = (string)substr($method, strlen($requestType));
 break;
 }
 }
diff --git a/src/Pecee/SimpleRouter/Route/RouteResource.php b/src/Pecee/SimpleRouter/Route/RouteResource.php
index 050e998..2bf54cf 100644
--- a/src/Pecee/SimpleRouter/Route/RouteResource.php
+++ b/src/Pecee/SimpleRouter/Route/RouteResource.php
@@ -53,7 +53,7 @@ class RouteResource extends LoadableRoute implements IControllerRoute
 /* Remove method/type */
 if (strpos($name, '.') !== false) {
- $name = substr($name, 0, strrpos($name, '.'));
+ $name = (string)substr($name, 0, strrpos($name, '.'));
 }
 return (strtolower($this->name) === strtolower($name));
diff --git a/src/Pecee/SimpleRouter/SimpleRouter.php b/src/Pecee/SimpleRouter/SimpleRouter.php
index dd4de09..c085032 100644
--- a/src/Pecee/SimpleRouter/SimpleRouter.php
+++ b/src/Pecee/SimpleRouter/SimpleRouter.php
@@ -33,6 +33,10 @@ class SimpleRouter
 */
 protected static $response;
+ /**
+ * Router instance
+ * @var Router
+ */
 protected static $router;
 /**
@@ -214,7 +218,7 @@ class SimpleRouter
 * @param string $url
 * @param string|\Closure $callback
 * @param array|null $settings
- * @return RouteUrl
+ * @return RouteUrl|IRoute
 */
 public static function match(array $requestMethods, $url, $callback, array $settings = null)
 {
@@ -237,7 +241,7 @@ class SimpleRouter
 * @param string $url
 * @param string|\Closure $callback
 * @param array|null $settings
- * @return RouteUrl
+ * @return RouteUrl|IRoute
 */
 public static function all($url, $callback, array $settings = null)
 {
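Review bot: The `(string)` cast added in the `RouteController.php` hunk (`$method = (string)substr($method, strlen($requestType));`) can change behaviour as well as quiet the inspection, and nothing in the hunk records that. On PHP versions where `substr()` returns `false` when the offset equals the string length, a method named exactly like a request type now yields `''` instead of `false`. A comment above the line would capture the intent, e.g. `// substr() may return false when the method name is only the request type; normalise to ''`. The `RouteResource.php` hunk adds the same cast and would benefit from the same kind of comment. Whether an empty `$method` is handled after the loop cannot be seen, since the enclosing function starts and ends outside the hunk.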
@@ -259,7 +263,7 @@ class SimpleRouter
 * @param string $url
 * @param string $controller
 * @param array|null $settings
- * @return RouteController
+ * @return RouteController|IRoute
 */
 public static function controller($url, $controller, array $settings = null)
 {
@@ -281,7 +285,7 @@ class SimpleRouter
 * @param string $url
 * @param string $controller
 * @param array|null $settings
- * @return RouteResource
+ * @return RouteResource|IRoute
 */
 public static function resource($url, $controller, array $settings = null)
 {