diff --git a/system/Helpers/text_helper.php b/system/Helpers/text_helper.php index c8067a88a74b..b8298953bdd3 100644 --- a/system/Helpers/text_helper.php +++ b/system/Helpers/text_helper.php @@ -545,10 +545,8 @@ function reduce_multiples(string $str, string $character = ',', bool $trim = fal * * Useful for generating passwords or hashes. * - * @param string $type Type of random string. basic, alpha, alnum, numeric, nozero, md5, sha1, and crypto + * @param string $type Type of random string: alpha, alnum, numeric, nozero, or crypto * @param int $len Number of characters - * - * @deprecated The type 'basic', 'md5', and 'sha1' are deprecated. They are not cryptographically secure. */ function random_string(string $type = 'alnum', int $len = 8): string { @@ -578,12 +576,6 @@ function random_string(string $type = 'alnum', int $len = 8): string return sprintf('%0' . $len . 'd', $rand); - case 'md5': - return md5(uniqid((string) mt_rand(), true)); - - case 'sha1': - return sha1(uniqid((string) mt_rand(), true)); - case 'crypto': if ($len % 2 !== 0) { throw new InvalidArgumentException( @@ -594,8 +586,12 @@ function random_string(string $type = 'alnum', int $len = 8): string return bin2hex(random_bytes($len / 2)); } - // 'basic' type treated as default - return (string) mt_rand(); + throw new InvalidArgumentException( + sprintf( + 'Invalid type "%s". Accepted types: alpha, alnum, numeric, nozero, or crypto.', + $type, + ), + ); } } diff --git a/tests/system/Helpers/TextHelperTest.php b/tests/system/Helpers/TextHelperTest.php index 46748c94a745..a14c722816ae 100644 --- a/tests/system/Helpers/TextHelperTest.php +++ b/tests/system/Helpers/TextHelperTest.php @@ -130,12 +130,8 @@ public function testRandomString(): void $this->assertSame(16, strlen(random_string('numeric', 16))); $this->assertSame(8, strlen(random_string('numeric'))); - $this->assertIsString(random_string('basic')); $this->assertSame(16, strlen($random = random_string('crypto', 16))); $this->assertIsString($random); - - $this->assertSame(32, strlen($random = random_string('md5'))); - $this->assertSame(40, strlen($random = random_string('sha1'))); } /** @@ -151,6 +147,16 @@ public function testRandomStringCryptoOddNumber(): void random_string('crypto', 9); } + public function testRandomStringWithUnsupportedType(): void + { + $this->expectException(InvalidArgumentException::class); + $this->expectExceptionMessage( + 'Invalid type "basic". Accepted types: alpha, alnum, numeric, nozero, or crypto.', + ); + + random_string('basic'); + } + public function testIncrementString(): void { $this->assertSame('my-test_1', increment_string('my-test')); diff --git a/user_guide_src/source/changelogs/v4.7.0.rst b/user_guide_src/source/changelogs/v4.7.0.rst index dd5976d07a0f..8ac71bbb08a1 100644 --- a/user_guide_src/source/changelogs/v4.7.0.rst +++ b/user_guide_src/source/changelogs/v4.7.0.rst @@ -31,6 +31,11 @@ Interface Changes Method Signature Changes ======================== +Removed Deprecated Items +======================== + +- **Text Helper:** The deprecated types in ``random_string()`` function: ``basic``, ``md5``, and ``sha1`` has been removed. + ************ Enhancements ************ diff --git a/user_guide_src/source/helpers/text_helper.rst b/user_guide_src/source/helpers/text_helper.rst index d5966347f2ef..5a0fe51d9967 100644 --- a/user_guide_src/source/helpers/text_helper.rst +++ b/user_guide_src/source/helpers/text_helper.rst @@ -30,21 +30,13 @@ The following functions are available: Generates a random string based on the type and length you specify. Useful for creating passwords or generating random hashes. - .. warning:: For types: **basic**, **md5**, and **sha1**, generated strings - are not cryptographically secure. Therefore, these types cannot be used - for cryptographic purposes or purposes requiring unguessable return values. - Since v4.3.3, these types are deprecated. - The first parameter specifies the type of string, the second parameter specifies the length. The following choices are available: - **alpha**: A string with lower and uppercase letters only. - **alnum**: Alphanumeric string with lower and uppercase characters. - - **basic**: [deprecated] A random number based on ``mt_rand()`` (length ignored). - **numeric**: Numeric string. - **nozero**: Numeric string with no zeros. - - **md5**: [deprecated] An encrypted random number based on ``md5()`` (fixed length of 32). - - **sha1**: [deprecated] An encrypted random number based on ``sha1()`` (fixed length of 40). - **crypto**: A random string based on ``random_bytes()``. .. note:: When you use **crypto**, you must set an even number to the second parameter. diff --git a/utils/phpstan-baseline/loader.neon b/utils/phpstan-baseline/loader.neon index 8dad62c8396b..c8e963df78bc 100644 --- a/utils/phpstan-baseline/loader.neon +++ b/utils/phpstan-baseline/loader.neon @@ -1,4 +1,4 @@ -# total 3057 errors +# total 3056 errors includes: - argument.type.neon - assign.propertyType.neon diff --git a/utils/phpstan-baseline/method.alreadyNarrowedType.neon b/utils/phpstan-baseline/method.alreadyNarrowedType.neon index 23132319175b..b947b2cf7f0b 100644 --- a/utils/phpstan-baseline/method.alreadyNarrowedType.neon +++ b/utils/phpstan-baseline/method.alreadyNarrowedType.neon @@ -1,4 +1,4 @@ -# total 24 errors +# total 23 errors parameters: ignoreErrors: @@ -59,7 +59,7 @@ parameters: - message: '#^Call to method PHPUnit\\Framework\\Assert\:\:assertIsString\(\) with string will always evaluate to true\.$#' - count: 2 + count: 1 path: ../../tests/system/Helpers/TextHelperTest.php -