PluginProbe ʕ •ᴥ•ʔ
JetBackup – Backup, Restore & Migrate / 1.5.1
JetBackup – Backup, Restore & Migrate v1.5.1
3.1.22.3 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8 1.4.8.1 1.4.9 1.5.0 1.5.1 1.5.1.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.6.0 1.6.10 1.6.11 1.6.12 1.6.13 1.6.15 1.6.5.1 1.6.8.8 1.6.9 1.6.9.1 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7.5 2.0.8.7 2.0.9.11 2.0.9.14 2.0.9.15 2.0.9.6 2.0.9.7 2.0.9.9 3.1.10.7 3.1.11.1 3.1.12.3 3.1.13.4 3.1.14.17 3.1.15.4 3.1.16.1 3.1.17.5 3.1.18.10 3.1.18.8 3.1.18.9 3.1.19.8 3.1.20.3 3.1.21.3 3.1.7.9 3.1.9.2 trunk 1.1.90 1.1.91 1.2.0 1.2.5 1.2.6 1.2.7 1.2.8 1.2.9 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2
backup / com / lib / Dropbox / Security.php
backup / com / lib / Dropbox Last commit date
Exception 5 years ago WebAuthException 5 years ago certs 5 years ago AppInfo.php 5 years ago AppInfoLoadException.php 5 years ago ArrayEntryStore.php 5 years ago AuthBase.php 5 years ago AuthInfo.php 5 years ago AuthInfoLoadException.php 5 years ago Checker.php 5 years ago Client.php 5 years ago Curl.php 5 years ago CurlStreamRelay.php 5 years ago DeserializeException.php 5 years ago DropboxMetadataHeaderCatcher.php 5 years ago Exception.php 5 years ago Host.php 5 years ago HttpResponse.php 5 years ago OAuth1AccessToken.php 5 years ago OAuth1Upgrader.php 5 years ago Path.php 5 years ago RequestUtil.php 5 years ago RootCertificates.php 5 years ago SSLTester.php 5 years ago Security.php 5 years ago StreamReadException.php 5 years ago Util.php 5 years ago ValueStore.php 5 years ago WebAuth.php 5 years ago WebAuthBase.php 5 years ago WebAuthNoRedirect.php 5 years ago WriteMode.php 5 years ago autoload.php 5 years ago strict.php 5 years ago
Security.php
68 lines
1 <?php
2 namespace Dropbox;
3
4 /**
5 * Helper functions for security-related things.
6 */
7 class Security
8 {
9 /**
10 * A string equality function that compares strings in a way that isn't suceptible to timing
11 * attacks. An attacker can figure out the length of the string, but not the string's value.
12 *
13 * Use this when comparing two strings where:
14 * - one string could be influenced by an attacker
15 * - the other string contains data an attacker shouldn't know
16 *
17 * @param string $a
18 * @param string $b
19 * @return bool
20 */
21 static function stringEquals($a, $b)
22 {
23 // Be strict with arguments. PHP's liberal types could get us pwned.
24 if (func_num_args() !== 2) {
25 throw new \InvalidArgumentException("Expecting 2 args, got ".func_num_args().".");
26 }
27 Checker::argString("a", $a);
28 Checker::argString("b", $b);
29
30 $len = strlen($a);
31 if (strlen($b) !== $len) return false;
32
33 $result = 0;
34 for ($i = 0; $i < $len; $i++) {
35 $result |= ord($a[$i]) ^ ord($b[$i]);
36 }
37 return $result === 0;
38 }
39
40 /**
41 * Returns cryptographically strong secure random bytes (as a PHP string).
42 *
43 * @param int $numBytes
44 * The number of bytes of random data to return.
45 *
46 * @return string
47 */
48 static function getRandomBytes($numBytes)
49 {
50 Checker::argIntPositive("numBytes", $numBytes);
51
52 // openssl_random_pseudo_bytes had some issues prior to PHP 5.3.4
53 if (function_exists('openssl_random_pseudo_bytes')
54 && version_compare(PHP_VERSION, '5.3.4') >= 0) {
55 $s = openssl_random_pseudo_bytes($numBytes, $isCryptoStrong);
56 if ($isCryptoStrong) return $s;
57 }
58
59 if (function_exists('mcrypt_create_iv')) {
60 return mcrypt_create_iv($numBytes);
61 }
62
63 // Hopefully the above two options cover all our users. But if not, there are
64 // other platform-specific options we could add.
65 throw new \Exception("no suitable random number source available");
66 }
67 }
68