From fb917e5d951c55854c9fa72fb1271237f81d673b Mon Sep 17 00:00:00 2001
From: Peter Westwood
Date: Fri, 31 Aug 2012 09:45:50 +0000
Subject: [PATCH] Make sure that we always generate random numbers correctly even if the PHP build is slightly broken and truncates large integers. Fixes #19571 props mdawaffe.
git-svn-id: http://core.svn.wordpress.org/trunk@21685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/pluggable.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 403a452901..e3791961c7 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -1496,13 +1496,13 @@ function wp_generate_password( $length = 12, $special_chars = true, $extra_speci
 endif;
 if ( !function_exists('wp_rand') ) :
- /**
+/**
 * Generates a random number
 *
 * @since 2.6.2
 *
- * @param int $min Lower limit for the generated number (optional, default is 0)
- * @param int $max Upper limit for the generated number (optional, default is 4294967295)
+ * @param int $min Lower limit for the generated number
+ * @param int $max Upper limit for the generated number
 * @return int A random number between min and max
 */
 function wp_rand( $min = 0, $max = 0 ) {
@@ -1531,10 +1531,12 @@ function wp_rand( $min = 0, $max = 0 ) {
 $value = abs(hexdec($value));
+ // Some misconfigured 32bit environments (Entropy PHP, for example) truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats.
+ $max_random_number = 3000000000 === 2147483647 ? (float) "4294967295" : 4294967295; // 4294967295 = 0xffffffff
+
 // Reduce the value to be within the min - max range
- // 4294967295 = 0xffffffff = max random number
 if ( $max != 0 )
- $value = $min + (($max - $min + 1) * ($value / (4294967295 + 1)));
+ $value = $min + ( $max - $min + 1 ) * $value / ( $max_random_number + 1 );
 return abs(intval($value));
 }
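Review bot: The rewritten scaling line in the second hunk multiplies before it divides, so the intermediate `( $max - $min + 1 ) * $value` can exceed PHP_INT_MAX on a 32-bit build before the division brings it back into range. The added comment says the targeted builds truncate large integers instead of promoting them to floats; if that also applies to integer arithmetic (not visible here), the intermediate would be clamped and the returned number would be wrong. Dividing first keeps the intermediate a fraction below 1 and avoids the question: `$value = $min + ( $max - $min + 1 ) * ( $value / ( $max_random_number + 1 ) );`. Separately, when `$max` is 0 the range step is skipped and `abs(intval($value))` receives a value that can be as large as 0xffffffff, whose integer cast is platform-dependent on 32-bit PHP, so that path deserves at least a comment. The body of wp_rand starts outside this hunk, so how `$value` is seeded cannot be assessed from here.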