Docblocks fixes and other minor adjustements made.

2026-02-20 01:21:22 +01:00 · 2013-07-05 14:46:28 +06:00
parent 4cd2d38a71
commit fbbe9ed72f
4 changed files with 13 additions and 10 deletions
--- a/2
+++ b/2
@@ -111,7 +111,7 @@ Version 1.1.14 work in progress
 - Enh #1977: CFormatter::normalizeDateValue() now is protected instead of private to enable child classes to override it (etienneq)
 - Enh #2003: Gii now allows namespaced base classes to be defined in generators (etienneq)
 - Enh #2038: CFormatter::formatNtext() method can replace newlines with `<p></p>` not just with `<br />` as it was before (resurtm)
- Enh #2053: CPasswordHelper has been refactored, CSecurityManager has been enhanced and now able to generate cryptographically strong random stuff (resurtm, tom--, ekerazha, samdark)
+- Enh #2053: CPasswordHelper has been refactored, CSecurityManager has been enhanced and is now able to generate cryptographically strong random bytes and strings (resurtm, tom--, ekerazha, samdark)
 - Enh #2062: CWsdlGenerator now supports soap indicators (sequence, choice), injecting of custom WSDL string block and generation of human-friendly documentation for complex types. Added unit test. (lubosdz)
 - Enh #2090: Allow passing array of columns to CDbSchema::addPrimaryKey() (paystey)
 - Enh #2096: CAPTCHA: non-free Duality.ttf font replaced by open/free SpicyRice.ttf (licensed under SIL OFL v1.1) (resurtm)
--- a/2
+++ b/2
@@ -70,7 +70,7 @@ Upgrading from v1.1.13
  from both these to `CActiveRelation`.

 - CSecurityManager::generateRandomKey() has been deprecated in favor of CSecurityManager::generateRandomString().
-  Try not to use anymore and avoid CSecurityManager::generateRandomKey() method in your code.
+  Try not to use it anymore and avoid CSecurityManager::generateRandomKey() method in your code.

 Upgrading from v1.1.12
 ----------------------
--- a/framework/base/CSecurityManager.php
+++ b/framework/base/CSecurityManager.php
@@ -81,7 +81,7 @@ class CSecurityManager extends CApplicationComponent

 	/**
 	 * @return string a randomly generated private key.
-	 * @deprecated in favor of {@link generateRandomString()}. Never use this method.
+	 * @deprecated in favor of {@link generateRandomString()} since 1.1.14. Never use this method.
 	 */
 	protected function generateRandomKey()
 	{
@@ -330,9 +330,10 @@ class CSecurityManager extends CApplicationComponent
 	/**
 	 * Generate a random ASCII string. Generates only [0-9a-zA-z~.] characters which are all
 	 * transparent in raw URL encoding.
-	 * @param integer $length of the string in characters to be generated.
+	 * @param integer $length length of the generated string in characters.
 	 * @param boolean $cryptographicallyStrong set this to require cryptographically strong randomness.
-	 * @return string|boolean generated random string. Returns false in case string cannot be generated
+	 * @return string|boolean random string or false in case it cannot be generated.
+	 * @since 1.1.14
 	 */
 	public function generateRandomString($length,$cryptographicallyStrong=true)
 	{
@@ -345,8 +346,9 @@ class CSecurityManager extends CApplicationComponent
 	 * Generates a string of random bytes.
 	 * @param integer $length number of random bytes to be generated.
 	 * @param boolean $cryptographicallyStrong whether generated string should be cryptographically strong.
-	 * True parameter value may cause very slow random generation.
-	 * @return boolean|string generated random binary string. Returns false on failure.
+	 * Note that setting this parameter to true makes generation very slow.
+	 * @return boolean|string generated random binary string or false on failure.
+	 * @since 1.1.14
 	 */
 	public function generateRandomBytes($length,$cryptographicallyStrong=true)
 	{
@@ -405,8 +407,9 @@ class CSecurityManager extends CApplicationComponent

 	/**
 	 * Generate a pseudo random block of data using several sources. This is the better alternative
-	 * to {@link mt_rand} function which is not really random at all.
+	 * to {@link mt_rand} function which is not really random.
 	 * @return string of 64 pseudo random bytes.
+	 * @since 1.1.14
 	 */
 	public function generatePseudoRandomBlock()
 	{
@@ -435,7 +438,7 @@ class CSecurityManager extends CApplicationComponent
 	/**
 	 * Get random bytes from the system entropy source via PHP session manager.
 	 * @return boolean|string 20-byte random binary string or false on error.
-	 * Returns false in case it cannot be retrieved.
+	 * @since 1.1.14
 	 */
 	public function generateSessionRandomBlock()
 	{
--- a/framework/utils/CPasswordHelper.php
+++ b/framework/utils/CPasswordHelper.php
@@ -114,7 +114,7 @@ class CPasswordHelper
 			throw new CException(Yii::t('yii','Cannot hash a password that is empty or not a string.'));

 		if (!$password || !preg_match('{^\$2[axy]\$(\d\d)\$[\./0-9A-Za-z]{22}}',$hash,$matches) ||
-			$matches[1] < 4 || $matches[1] > 31)
+			$matches[1]<4 || $matches[1]>31)
 			return false;

 		$test=crypt($password,$hash);