From 9fc280d8e9c1d65b9cddda1ce1644fc03322ffb8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Rapha=C3=ABl=20Gertz?= Date: Thu, 14 Nov 2019 23:22:42 +0100 Subject: [PATCH] Change alphabet generation Fix a huge regression with recent php7 smart behaviour which resulter in data corruption Various cleanup --- Utils/Slugger.php | 91 ++++++++++++++++++++++++++++++----------------- 1 file changed, 58 insertions(+), 33 deletions(-) diff --git a/Utils/Slugger.php b/Utils/Slugger.php index f3d8e25..2172515 100644 --- a/Utils/Slugger.php +++ b/Utils/Slugger.php @@ -2,23 +2,67 @@ namespace Rapsys\UserBundle\Utils; +use Symfony\Component\DependencyInjection\ContainerInterface; + class Slugger { //The secret parameter private $secret; + //The alpha array + private $alpha; + + //The rev array + private $rev; + + //The alpha array key number + private $count; + //The offset reduced from secret private $offset; //Retrieve secret and set offset from reduction - public function __construct(\Symfony\Component\DependencyInjection\ContainerInterface $container) { + public function __construct(ContainerInterface $container) { //Set secret - $this->secret = $container->getParameter('secret'); + $this->secret = $container->getParameter('kernel.secret'); + + //Pseudo-random alphabet + //XXX: use array flip and keys to workaround php "smart" that cast range('0', '9') as int instead of string + //XXX: The key count mismatch, count(alpha)>count(rev), resulted in a data corruption due to duplicate numeric values + //TODO: set this as a parameter generated once in a command ? + $this->alpha = array_keys(array_flip(array_merge( + range('^', '[', -1), + range('V', 'Z'), + range('9', '7', -1), + range('L', 'O'), + range('f', 'a', -1), + range('_', '`'), + range('3', '0', -1), + range('E', 'H'), + range('v', 'r', -1), + range('+', '/'), + range('K', 'I', -1), + range('g', 'j'), + range('=', ':', -1), + range('>', '@'), + range('m', 'k', -1), + range('4', '6'), + range('*', '%', -1), + range('n', 'q'), + range('U', 'P', -1), + range(' ', '$'), + range('D', 'A', -1), + range('w', 'z'), + range('~', '!', -1) + ))); //Init rev array - $rev = array_flip(array_merge(range('0', '9'), range('a', 'z'), range('A', 'Z'), range('!', '~'))); + $this->count = count($rev = $this->rev = array_flip($this->alpha)); + + //Init split + $split = str_split($this->secret); //Set offset - $this->offset = array_reduce(str_split($this->secret), function ($res, $a) use ($rev) { return $res += $rev[$a]; }, count($this->secret)) % count($rev); + $this->offset = array_reduce($split, function ($res, $a) use ($rev) { return $res += $rev[$a]; }, count($split)) % $this->count; } //Short the string @@ -26,24 +70,16 @@ class Slugger { //Return string $ret = ''; - //Alphabet - $alpha = array_merge(range('0', '9'), range('a', 'z'), range('A', 'Z'), range('!', '~')); - - //Reverse alphabet - $rev = array_flip($alpha); - - //Number characters - $count = count($alpha); - //Iterate on each character - foreach(str_split($string) as $c) { - if (isset($rev[$c]) && isset($alpha[($rev[$c]+$this->offset)%$count])) { - $ret .= $alpha[($rev[$c]+$this->offset)%$count]; + foreach(str_split($string) as $k => $c) { + if (isset($this->rev[$c]) && isset($this->alpha[($this->rev[$c]+$this->offset)%$this->count])) { + //XXX: Remap char to an other one + $ret .= chr(($this->rev[$c] - $this->offset + $this->count) % $this->count); } } //Send result - return str_replace(array('+','/'), array('-','_'), base64_encode($ret)); + return str_replace(['+','/'], ['-','_'], base64_encode($ret)); } //Unshort the string @@ -51,20 +87,10 @@ class Slugger { //Return string $ret = ''; - //Alphabet - $alpha = array_merge(range('0', '9'), range('a', 'z'), range('A', 'Z'), range('!', '~')); - - //Reverse alphabet - $rev = array_flip($alpha); - - //Number characters - $count = count($alpha); - //Iterate on each character - foreach(str_split(base64_decode(str_replace(array('-','_'), array('+','/'), $string))) as $c) { - if (isset($rev[$c]) && isset($alpha[($rev[$c]-$this->offset+$count)%$count])) { - $ret .= $alpha[($rev[$c]-$this->offset+$count)%$count]; - } + foreach(str_split(base64_decode(str_replace(['-','_'], ['+','/'], $string))) as $c) { + //XXX: Reverse map char to an other one + $ret .= $this->alpha[(ord($c) + $this->offset) % $this->count]; } //Send result @@ -73,12 +99,11 @@ class Slugger { //Crypt and base64uri encode string public function hash($string) { - return str_replace(array('+','/'), array('-','_'), base64_encode(crypt($string, $this->secret))); + return str_replace(['+','/'], ['-','_'], base64_encode(crypt($string, $this->secret))); } //Convert string to safe slug function slug($string) { - return preg_replace('/[\/_|+ -]+/', '-', strtolower(trim(preg_replace('/[^a-zA-Z0-9\/_|+ -]/', '', str_replace(array('\'', '"'), ' ', iconv('UTF-8', 'ASCII//TRANSLIT', $string))), '-'))); + return preg_replace('/[\/_|+ -]+/', '-', strtolower(trim(preg_replace('/[^a-zA-Z0-9\/_|+ -]/', '', str_replace(['\'', '"'], ' ', iconv('UTF-8', 'ASCII//TRANSLIT', $string))), '-'))); } - } -- 2.41.0