mirror_php/php-debugbar
1
0
Fork 0
mirror of https://github.com/maximebf/php-debugbar.git synced 2025-07-27 03:30:34 +02:00
Code Issues Releases Wiki Activity
Files
sort-widgets
php-debugbar/src/DebugBar/RequestIdGenerator.php
James Johnston 7102278c9e RequestIdGeneratorInterface now returns more random values (#336) 
Implementers of RequestIdGeneratorInterface::generate() need to be sure
that each call to generate() will return a unique ID.

This could fail to happen in the existing implementation if microtime()
returns the same value on two successive generate() calls that come
within the same microsecond.  For example, in a tight ID-generating
loop.  It was unlikely, but now it is practically impossible.

Additionally, implementers should make sure that the return value is not
all-numeric to avoid any mixed data types when IDs are used as keys in
PHP arrays.  (For example, numeric IDs could result in bugs when
array_merge is used.)
2017-07-21 08:20:20 +02:00

44 lines
1.5 KiB
PHP
Raw Permalink Blame History

<?php
/*
* This file is part of the DebugBar package.
*
* (c) 2013 Maxime Bouroumeau-Fuseau
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace DebugBar;
/**
* Basic request ID generator
*/
class RequestIdGenerator implements RequestIdGeneratorInterface
{
protected $index = 0;
/**
* @return string
*/
public function generate()
{
if (function_exists('random_bytes')) {
// PHP 7 only
return 'X' . bin2hex(random_bytes(16));
} else if (function_exists('openssl_random_pseudo_bytes')) {
// PHP >= 5.3.0, but OpenSSL may not always be available
return 'X' . bin2hex(openssl_random_pseudo_bytes(16));
} else {
// Fall back to a rudimentary ID generator:
// * $_SERVER array will make the ID unique to this request.
// * spl_object_hash($this) will make the ID unique to this object instance.
// (note that object hashes can be reused, but the other data here should prevent issues here).
// * uniqid('', true) will use the current microtime(), plus additional random data.
// * $this->index guarantees the uniqueness of IDs from the current object.
$this->index++;
$entropy = serialize($_SERVER) . uniqid('', true) . spl_object_hash($this) . $this->index;
return 'X' . md5($entropy);
}
}
}
Reference in New Issue View Git Blame Copy Permalink