e2ee009e5c
- MWCryptRand: A new api for generating cryptographic randomness for security tokens. Uses whatever cryptographic source is available and if not falls back to using random state and clock drift. - wfRandomString - A simple non-cryptographic pesudo-random string generation function to replace wfGenerateToken which was written pretending to be secure when it's really not. - Core updates to use MWCryptRand in various places: -- user_token generation (to do this we stop generating user_token implicitly and only generate it when needed to avoid depleting the system's entropy pool by reading random data we'll never use) -- email confirmation token generation -- password salt generation -- temporary password generation -- Generation of the automatic watchlist token -- login and create user tokens -- session ids when php's entropy sources are not set -- the installer when generating wgSecretKey and the upgrade key |
||
|---|---|---|
| .. | ||
| CoreLinkFunctions.php | ||
| CoreParserFunctions.php | ||
| CoreTagHooks.php | ||
| DateFormatter.php | ||
| LinkHolderArray.php | ||
| Parser.php | ||
| Parser_DiffTest.php | ||
| Parser_LinkHooks.php | ||
| ParserCache.php | ||
| ParserOptions.php | ||
| ParserOutput.php | ||
| Preprocessor.php | ||
| Preprocessor_DOM.php | ||
| Preprocessor_Hash.php | ||
| Preprocessor_HipHop.hphp | ||
| StripState.php | ||
| Tidy.php | ||