From fbbe9ed72fdd0634cab4d3f12faaef17ac914a60 Mon Sep 17 00:00:00 2001
From: resurtm <resurtm@gmail.com>
Date: Fri, 5 Jul 2013 14:46:28 +0600
Subject: [PATCH] Docblocks fixes and other minor adjustements made.

---
 CHANGELOG                           |  2 +-
 UPGRADE                             |  2 +-
 framework/base/CSecurityManager.php | 17 ++++++++++-------
 framework/utils/CPasswordHelper.php |  2 +-
 4 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 30763788b..2310a3906 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -111,7 +111,7 @@ Version 1.1.14 work in progress
 - Enh #1977: CFormatter::normalizeDateValue() now is protected instead of private to enable child classes to override it (etienneq)
 - Enh #2003: Gii now allows namespaced base classes to be defined in generators (etienneq)
 - Enh #2038: CFormatter::formatNtext() method can replace newlines with `<p></p>` not just with `<br />` as it was before (resurtm)
-- Enh #2053: CPasswordHelper has been refactored, CSecurityManager has been enhanced and now able to generate cryptographically strong random stuff (resurtm, tom--, ekerazha, samdark)
+- Enh #2053: CPasswordHelper has been refactored, CSecurityManager has been enhanced and is now able to generate cryptographically strong random bytes and strings (resurtm, tom--, ekerazha, samdark)
 - Enh #2062: CWsdlGenerator now supports soap indicators (sequence, choice), injecting of custom WSDL string block and generation of human-friendly documentation for complex types. Added unit test. (lubosdz)
 - Enh #2090: Allow passing array of columns to CDbSchema::addPrimaryKey() (paystey)
 - Enh #2096: CAPTCHA: non-free Duality.ttf font replaced by open/free SpicyRice.ttf (licensed under SIL OFL v1.1) (resurtm)
diff --git a/UPGRADE b/UPGRADE
index f8f8d54f8..dfe19603a 100644
--- a/UPGRADE
+++ b/UPGRADE
@@ -70,7 +70,7 @@ Upgrading from v1.1.13
   from both these to `CActiveRelation`.
 
 - CSecurityManager::generateRandomKey() has been deprecated in favor of CSecurityManager::generateRandomString().
-  Try not to use anymore and avoid CSecurityManager::generateRandomKey() method in your code.
+  Try not to use it anymore and avoid CSecurityManager::generateRandomKey() method in your code.
 
 Upgrading from v1.1.12
 ----------------------
diff --git a/framework/base/CSecurityManager.php b/framework/base/CSecurityManager.php
index 40b251257..838789e4a 100644
--- a/framework/base/CSecurityManager.php
+++ b/framework/base/CSecurityManager.php
@@ -81,7 +81,7 @@ class CSecurityManager extends CApplicationComponent
 
 	/**
 	 * @return string a randomly generated private key.
-	 * @deprecated in favor of {@link generateRandomString()}. Never use this method.
+	 * @deprecated in favor of {@link generateRandomString()} since 1.1.14. Never use this method.
 	 */
 	protected function generateRandomKey()
 	{
@@ -330,9 +330,10 @@ class CSecurityManager extends CApplicationComponent
 	/**
 	 * Generate a random ASCII string. Generates only [0-9a-zA-z~.] characters which are all
 	 * transparent in raw URL encoding.
-	 * @param integer $length of the string in characters to be generated.
+	 * @param integer $length length of the generated string in characters.
 	 * @param boolean $cryptographicallyStrong set this to require cryptographically strong randomness.
-	 * @return string|boolean generated random string. Returns false in case string cannot be generated
+	 * @return string|boolean random string or false in case it cannot be generated.
+	 * @since 1.1.14
 	 */
 	public function generateRandomString($length,$cryptographicallyStrong=true)
 	{
@@ -345,8 +346,9 @@ class CSecurityManager extends CApplicationComponent
 	 * Generates a string of random bytes.
 	 * @param integer $length number of random bytes to be generated.
 	 * @param boolean $cryptographicallyStrong whether generated string should be cryptographically strong.
-	 * True parameter value may cause very slow random generation.
-	 * @return boolean|string generated random binary string. Returns false on failure.
+	 * Note that setting this parameter to true makes generation very slow.
+	 * @return boolean|string generated random binary string or false on failure.
+	 * @since 1.1.14
 	 */
 	public function generateRandomBytes($length,$cryptographicallyStrong=true)
 	{
@@ -405,8 +407,9 @@ class CSecurityManager extends CApplicationComponent
 
 	/**
 	 * Generate a pseudo random block of data using several sources. This is the better alternative
-	 * to {@link mt_rand} function which is not really random at all.
+	 * to {@link mt_rand} function which is not really random.
 	 * @return string of 64 pseudo random bytes.
+	 * @since 1.1.14
 	 */
 	public function generatePseudoRandomBlock()
 	{
@@ -435,7 +438,7 @@ class CSecurityManager extends CApplicationComponent
 	/**
 	 * Get random bytes from the system entropy source via PHP session manager.
 	 * @return boolean|string 20-byte random binary string or false on error.
-	 * Returns false in case it cannot be retrieved.
+	 * @since 1.1.14
 	 */
 	public function generateSessionRandomBlock()
 	{
diff --git a/framework/utils/CPasswordHelper.php b/framework/utils/CPasswordHelper.php
index edc974555..e4b8db673 100644
--- a/framework/utils/CPasswordHelper.php
+++ b/framework/utils/CPasswordHelper.php
@@ -114,7 +114,7 @@ class CPasswordHelper
 			throw new CException(Yii::t('yii','Cannot hash a password that is empty or not a string.'));
 
 		if (!$password || !preg_match('{^\$2[axy]\$(\d\d)\$[\./0-9A-Za-z]{22}}',$hash,$matches) ||
-			$matches[1] < 4 || $matches[1] > 31)
+			$matches[1]<4 || $matches[1]>31)
 			return false;
 
 		$test=crypt($password,$hash);