From b8722d6bd0d7887f9c437c961e1b9b09931dacec Mon Sep 17 00:00:00 2001 From: michalsn Date: Tue, 3 Jun 2025 08:24:57 +0200 Subject: [PATCH 1/3] refactor: remove deprecated types in random_string() helper --- system/Helpers/text_helper.php | 13 +++---------- tests/system/Helpers/TextHelperTest.php | 14 ++++++++++---- user_guide_src/source/changelogs/v4.7.0.rst | 5 +++++ user_guide_src/source/helpers/text_helper.rst | 8 -------- utils/phpstan-baseline/loader.neon | 2 +- .../method.alreadyNarrowedType.neon | 4 ++-- 6 files changed, 21 insertions(+), 25 deletions(-) diff --git a/system/Helpers/text_helper.php b/system/Helpers/text_helper.php index c8067a88a74b..496bac94e772 100644 --- a/system/Helpers/text_helper.php +++ b/system/Helpers/text_helper.php @@ -547,8 +547,6 @@ function reduce_multiples(string $str, string $character = ',', bool $trim = fal * * @param string $type Type of random string. basic, alpha, alnum, numeric, nozero, md5, sha1, and crypto * @param int $len Number of characters - * - * @deprecated The type 'basic', 'md5', and 'sha1' are deprecated. They are not cryptographically secure. */ function random_string(string $type = 'alnum', int $len = 8): string { @@ -578,12 +576,6 @@ function random_string(string $type = 'alnum', int $len = 8): string return sprintf('%0' . $len . 'd', $rand); - case 'md5': - return md5(uniqid((string) mt_rand(), true)); - - case 'sha1': - return sha1(uniqid((string) mt_rand(), true)); - case 'crypto': if ($len % 2 !== 0) { throw new InvalidArgumentException( @@ -594,8 +586,9 @@ function random_string(string $type = 'alnum', int $len = 8): string return bin2hex(random_bytes($len / 2)); } - // 'basic' type treated as default - return (string) mt_rand(); + throw new InvalidArgumentException( + 'You must set a valid type to the first parameter when you use `random_string`.', + ); } } diff --git a/tests/system/Helpers/TextHelperTest.php b/tests/system/Helpers/TextHelperTest.php index 46748c94a745..fc1cecf787d4 100644 --- a/tests/system/Helpers/TextHelperTest.php +++ b/tests/system/Helpers/TextHelperTest.php @@ -130,12 +130,8 @@ public function testRandomString(): void $this->assertSame(16, strlen(random_string('numeric', 16))); $this->assertSame(8, strlen(random_string('numeric'))); - $this->assertIsString(random_string('basic')); $this->assertSame(16, strlen($random = random_string('crypto', 16))); $this->assertIsString($random); - - $this->assertSame(32, strlen($random = random_string('md5'))); - $this->assertSame(40, strlen($random = random_string('sha1'))); } /** @@ -151,6 +147,16 @@ public function testRandomStringCryptoOddNumber(): void random_string('crypto', 9); } + public function testRandomStringWithUnsupportedType(): void + { + $this->expectException(InvalidArgumentException::class); + $this->expectExceptionMessage( + 'You must set a valid type to the first parameter when you use `random_string`.', + ); + + random_string('basic'); + } + public function testIncrementString(): void { $this->assertSame('my-test_1', increment_string('my-test')); diff --git a/user_guide_src/source/changelogs/v4.7.0.rst b/user_guide_src/source/changelogs/v4.7.0.rst index dd5976d07a0f..8ac71bbb08a1 100644 --- a/user_guide_src/source/changelogs/v4.7.0.rst +++ b/user_guide_src/source/changelogs/v4.7.0.rst @@ -31,6 +31,11 @@ Interface Changes Method Signature Changes ======================== +Removed Deprecated Items +======================== + +- **Text Helper:** The deprecated types in ``random_string()`` function: ``basic``, ``md5``, and ``sha1`` has been removed. + ************ Enhancements ************ diff --git a/user_guide_src/source/helpers/text_helper.rst b/user_guide_src/source/helpers/text_helper.rst index d5966347f2ef..5a0fe51d9967 100644 --- a/user_guide_src/source/helpers/text_helper.rst +++ b/user_guide_src/source/helpers/text_helper.rst @@ -30,21 +30,13 @@ The following functions are available: Generates a random string based on the type and length you specify. Useful for creating passwords or generating random hashes. - .. warning:: For types: **basic**, **md5**, and **sha1**, generated strings - are not cryptographically secure. Therefore, these types cannot be used - for cryptographic purposes or purposes requiring unguessable return values. - Since v4.3.3, these types are deprecated. - The first parameter specifies the type of string, the second parameter specifies the length. The following choices are available: - **alpha**: A string with lower and uppercase letters only. - **alnum**: Alphanumeric string with lower and uppercase characters. - - **basic**: [deprecated] A random number based on ``mt_rand()`` (length ignored). - **numeric**: Numeric string. - **nozero**: Numeric string with no zeros. - - **md5**: [deprecated] An encrypted random number based on ``md5()`` (fixed length of 32). - - **sha1**: [deprecated] An encrypted random number based on ``sha1()`` (fixed length of 40). - **crypto**: A random string based on ``random_bytes()``. .. note:: When you use **crypto**, you must set an even number to the second parameter. diff --git a/utils/phpstan-baseline/loader.neon b/utils/phpstan-baseline/loader.neon index 8dad62c8396b..c8e963df78bc 100644 --- a/utils/phpstan-baseline/loader.neon +++ b/utils/phpstan-baseline/loader.neon @@ -1,4 +1,4 @@ -# total 3057 errors +# total 3056 errors includes: - argument.type.neon - assign.propertyType.neon diff --git a/utils/phpstan-baseline/method.alreadyNarrowedType.neon b/utils/phpstan-baseline/method.alreadyNarrowedType.neon index 23132319175b..b947b2cf7f0b 100644 --- a/utils/phpstan-baseline/method.alreadyNarrowedType.neon +++ b/utils/phpstan-baseline/method.alreadyNarrowedType.neon @@ -1,4 +1,4 @@ -# total 24 errors +# total 23 errors parameters: ignoreErrors: @@ -59,7 +59,7 @@ parameters: - message: '#^Call to method PHPUnit\\Framework\\Assert\:\:assertIsString\(\) with string will always evaluate to true\.$#' - count: 2 + count: 1 path: ../../tests/system/Helpers/TextHelperTest.php - From 8a937809d5ce9c199b448872851916e9fa2154b9 Mon Sep 17 00:00:00 2001 From: Michal Sniatala Date: Tue, 3 Jun 2025 08:49:36 +0200 Subject: [PATCH 2/3] Apply suggestions from code review Co-authored-by: John Paul E. Balandan, CPA --- system/Helpers/text_helper.php | 5 +++-- tests/system/Helpers/TextHelperTest.php | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/system/Helpers/text_helper.php b/system/Helpers/text_helper.php index 496bac94e772..1b6a57173d7e 100644 --- a/system/Helpers/text_helper.php +++ b/system/Helpers/text_helper.php @@ -545,7 +545,7 @@ function reduce_multiples(string $str, string $character = ',', bool $trim = fal * * Useful for generating passwords or hashes. * - * @param string $type Type of random string. basic, alpha, alnum, numeric, nozero, md5, sha1, and crypto + * @param string $type Type of random string: alpha, alnum, numeric, nozero, or crypto * @param int $len Number of characters */ function random_string(string $type = 'alnum', int $len = 8): string @@ -587,7 +587,8 @@ function random_string(string $type = 'alnum', int $len = 8): string } throw new InvalidArgumentException( - 'You must set a valid type to the first parameter when you use `random_string`.', + sprintf('Invalid type "%s". Accepted types: alpha, alnum, numeric, nozero, or crypto.'), + $type, ); } } diff --git a/tests/system/Helpers/TextHelperTest.php b/tests/system/Helpers/TextHelperTest.php index fc1cecf787d4..2daa43f66c0a 100644 --- a/tests/system/Helpers/TextHelperTest.php +++ b/tests/system/Helpers/TextHelperTest.php @@ -151,7 +151,7 @@ public function testRandomStringWithUnsupportedType(): void { $this->expectException(InvalidArgumentException::class); $this->expectExceptionMessage( - 'You must set a valid type to the first parameter when you use `random_string`.', + 'Invalid type "basic". Accepted types: alpha, alnum, numeric, nozero, or crypto.', ); random_string('basic'); From 5ae0bf819290018411a3d41b391d18f5b3667097 Mon Sep 17 00:00:00 2001 From: michalsn Date: Tue, 3 Jun 2025 08:53:34 +0200 Subject: [PATCH 3/3] cs fix --- system/Helpers/text_helper.php | 6 ++++-- tests/system/Helpers/TextHelperTest.php | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/system/Helpers/text_helper.php b/system/Helpers/text_helper.php index 1b6a57173d7e..b8298953bdd3 100644 --- a/system/Helpers/text_helper.php +++ b/system/Helpers/text_helper.php @@ -587,8 +587,10 @@ function random_string(string $type = 'alnum', int $len = 8): string } throw new InvalidArgumentException( - sprintf('Invalid type "%s". Accepted types: alpha, alnum, numeric, nozero, or crypto.'), - $type, + sprintf( + 'Invalid type "%s". Accepted types: alpha, alnum, numeric, nozero, or crypto.', + $type, + ), ); } } diff --git a/tests/system/Helpers/TextHelperTest.php b/tests/system/Helpers/TextHelperTest.php index 2daa43f66c0a..a14c722816ae 100644 --- a/tests/system/Helpers/TextHelperTest.php +++ b/tests/system/Helpers/TextHelperTest.php @@ -151,7 +151,7 @@ public function testRandomStringWithUnsupportedType(): void { $this->expectException(InvalidArgumentException::class); $this->expectExceptionMessage( - 'Invalid type "basic". Accepted types: alpha, alnum, numeric, nozero, or crypto.', + 'Invalid type "basic". Accepted types: alpha, alnum, numeric, nozero, or crypto.', ); random_string('basic');