php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-08-14 14:28:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
15,004 Commits 9 Branches 79 Tags
Commit Graph

62 Commits

Author SHA1 Message Date
Carsten Brandt
e94b68436d complete test coverage for reading /dev/urandom 
fixes an issue with buffered reading
 2016-04-28 11:45:37 +02:00
Carsten Brandt
f2f082dbab moved checks before random_bytes() to have consistent behavior accross php versions 2016-04-28 04:16:22 +02:00
Alexander Makarov
0c6c1eebd1 Better buffer usage description as suggested by @tom-- 
https://github.com/yiisoft/yii2/pull/11285#discussion_r59960199
 2016-04-16 12:45:23 +03:00
Alexander Makarov
6a80a132e2 Converted constant into local variable #11285 2016-04-12 16:34:47 +03:00
Alexander Makarov
81b18e1538 Fixed variable name 2016-04-06 10:59:17 +03:00
Alexander Makarov
371440d59a More Security component enhancements 
- Removed PHP version checks since both are met by default because Yii requires 5.4.0+.
- Limit PHP fread buffer in order to prevent entropy wasting.
- Fixed incorrect bytes to read calculation.
- Added more notes explaining decisions.
 2016-04-06 03:35:52 +03:00
Tom Worster
c455a3c54b Security component enhancements 
- Added tests for random key generation speed.
- Better generateRandomKey() performance for small reads because of using fopen + buffered read and local caching of source detection.
- Use /dev/random on FreeBSD.
 2016-04-06 01:49:07 +03:00
Carsten Brandt
191f2a4943 fixed phpdoc type names 2016-02-25 20:24:32 +01:00
Carsten Brandt
f620f4de90 phpdoc fixes 2016-02-07 19:48:13 +01:00
Tom Worster
40fc49bf16 remove obsolete @throw tags 2016-01-04 15:08:04 -05:00
Tom Worster
ba19858e58 move private state var also 2015-12-20 21:28:03 -05:00
Tom Worster
83b61eae43 move "private" consts before generateRandomKey() 2015-12-20 21:25:33 -05:00
Tom Worster
358e9115ed comment lstat 2015-12-20 21:21:34 -05:00
Tom Worster
e7a888ad11 use file_get_contents and not magic numbers 2015-12-20 11:48:36 -05:00
Tom Worster
1f41a2c9af Fixes #9878,9879,9880: Make \base\Security use random_bytes(), LibreSSL, mcrypt, limit OpenSSL to Windows, and to prefer password_hash() over crypt() 2015-12-19 13:13:23 +03:00
SilverFire - Dmitry Naumenko
cd87d67f34 Global DOCS update: ~~~ replaced with ``` 2015-12-02 23:15:28 +02:00
artur
e1509bfe73 Fix methods references 2015-11-25 12:04:43 +02:00
Carsten Brandt
6d9fe671de various code style and whitespace adjustments 2015-08-02 00:27:19 +02:00
freezy
6a4436f95b [Fixes #9177] Password Hash Cost setting for Security component 2015-07-23 09:09:55 +02:00
onedevlink
c4ab9a0891 Fixed typo in base/Security file and docs 2015-07-02 11:22:15 +03:00
Alexander Mohorev
68c30c1034 Replace aliases of functions 2015-06-29 22:59:22 +03:00
Yasser Hassan
daab0e9aef Fixing typo. 
close #7941
 2015-04-01 02:16:08 +02:00
Alexander Makarov
d7346cbfaf Used PHP_OS instead of php_uname() to check for Linix 2015-03-01 02:31:13 +03:00
Alexander Makarov
4fffd8fcef Prevented Security from erroring in case of /dev/urandom or /dev/random aren't available 2015-02-28 23:04:19 +03:00
Alexander Makarov
7721baae1f Used StringHelper for byte operations 2015-02-24 19:20:28 +03:00
tom--
4512833fac Fixes #7215: Uses OpenSSL crypto lib instead of Mcrypt. Added testing of encrypted data compatibility, both backward and forward 2015-02-24 14:03:41 +03:00
munawer
33b760eca2 [ci skip] Guide typos fixed 2014-11-04 13:05:47 +03:00
Qiang Xue
186c843abc Merge pull request #5766 from mongosoft/feature 
Code style fixes
 2014-10-25 12:46:01 -04:00
Alexander Mohorev
899b778994 Correct type declarations 2014-10-25 16:35:50 +03:00
Alexander Mohorev
bb8550886e PHP type casting 2014-10-25 15:30:03 +03:00
Alexander Mohorev
f1edafffaf PHPDoc comment doesn't contain all necessary @throws tag 
close #5762
 2014-10-25 12:47:08 +02:00
Sergey
783d1ccaed typo fix 
close #5454
 2014-10-09 18:01:24 +02:00
Henry Abbott
00aab7c379 Fixed typo in comments for generatePasswordHash 2014-08-09 00:23:29 -04:00
Qiang Xue
83b800271b Merge branch 'master' of git://github.com/yiisoft/yii2 2014-07-29 20:54:07 -04:00
Qiang Xue
a0d19e922b Fixes #4497: changed to use hex digits by default when hashing data. 2014-07-29 20:54:01 -04:00
Carsten Brandt
ca9d4867f4 code style 2014-07-29 22:23:59 +02:00
Alexander Makarov
be24a2e2c7 Removed mentions of $deriveKeyStrategy from Security phpdoc 2014-07-28 13:36:06 +04:00
tom--
33f2525a39 Remove nonsense branch logic 2014-07-27 14:30:13 -04:00
tom--
4f5b7afd95 Merge branch 'master' of git://github.com/yiisoft/yii2 into 4469-compareString-without-shortcut 2014-07-27 12:04:03 -04:00
tom--
c6a8b418ef compareString(): timing depends only on length of $actual input, unit test 2014-07-27 12:03:03 -04:00
Vincent
56a9536b51 Typo in docs 2014-07-26 17:07:06 +02:00
Qiang Xue
b680afc721 Fixes #4462. 2014-07-26 10:08:52 -04:00
Alexander Makarov
c5a3cd511e Security component adjustments: fixed comment style, hkdf() and pbkdf2() are now protected, compareString() is now public 2014-07-26 14:09:38 +04:00
tom--
2c5c2c101b Fixes #4131: Security adjustments 2014-07-26 03:29:30 +04:00
Alexander Makarov
8802d0305e Avoid method call in for condition 2014-07-23 16:42:41 +04:00
Alexander Makarov
deecdcad84 Adjusted exception message when pdkdbf2 is set but environment isn't OK 2014-06-30 21:23:33 +04:00
Alexander Makarov
481db35512 Fixes #4114: Added Security::generateRandomHexKey(), used it for various tokens and default key generation 2014-06-30 16:36:52 +04:00
Paul Klimov
90a625013c Result check at Security::generateRandomKey() added 2014-06-29 15:39:25 +03:00
fps01
039909a846 Fixed a call of function "generateRandomKey()" in app\base\Security 2014-06-29 12:23:06 +04:00
Qiang Xue
399b6b18e3 Fixes #4103 2014-06-28 21:58:07 -04:00