From 8a1f9ada65d746b630c96b184000f3f0bf6cf34d Mon Sep 17 00:00:00 2001
From: Pierre Schmitz
Date: Fri, 30 Nov 2012 05:40:20 +0100
Subject: Update to MediaWiki 1.19.3
---
 includes/GlobalFunctions.php | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)
(limited to 'includes/GlobalFunctions.php')
diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 52cd46a5..65fc643e 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -3292,6 +3292,23 @@ function wfHttpOnlySafe() {
 return true;
 }
 
+/**
+ * Check if there is sufficent entropy in php's built-in session generation
+ * PHP's built-in session entropy is enabled if:
+ * - entropy_file is set or you're on Windows with php 5.3.3+
+ * - AND entropy_length is > 0
+ * We treat it as disabled if it doesn't have an entropy length of at least 32
+ *
+ * @return bool true = there is sufficient entropy
+ */
+function wfCheckEntropy() {
+ return (
+ ( wfIsWindows() && version_compare( PHP_VERSION, '5.3.3', '>=' ) )
+ || ini_get( 'session.entropy_file' )
+ )
+ && intval( ini_get( 'session.entropy_length' ) ) >= 32;
+}
+
 /**
 * Override session_id before session startup if php's built-in
 * session generation code is not secure.
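Review bot: wfCheckEntropy() treats any non-empty `session.entropy_file` value as proof that PHP's session entropy is active, but it never checks that the configured path can actually be read. As far as I know PHP 5 silently skips the extra entropy when that file cannot be opened, so a stale or mistyped path would make this return true and, judging by the caller wfFixSessionID() in the next hunk, leave session ids to PHP's default generator. Consider tightening that operand to `|| ( ini_get( 'session.entropy_file' ) && is_readable( ini_get( 'session.entropy_file' ) ) )`; a false negative only falls back to the cryptrand override, which is the safe direction. The docblock could also state that entropy_length is a byte count, reconcile its "> 0" bullet with the `>= 32` the code enforces, and fix the "sufficent" typo.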
@@ -3302,16 +3319,8 @@ function wfFixSessionID() {
 return;
 }
 
- // PHP's built-in session entropy is enabled if:
- // - entropy_file is set or you're on Windows with php 5.3.3+
- // - AND entropy_length is > 0
- // We treat it as disabled if it doesn't have an entropy length of at least 32
- $entropyEnabled = (
- ( wfIsWindows() && version_compare( PHP_VERSION, '5.3.3', '>=' ) )
- || ini_get( 'session.entropy_file' )
- )
- && intval( ini_get( 'session.entropy_length' ) ) >= 32;
-
+ $entropyEnabled = wfCheckEntropy();
+
 // If built-in entropy is not enabled or not sufficient override php's built in session id generation code
 if ( !$entropyEnabled ) {
 wfDebug( __METHOD__ . ": PHP's built in entropy is disabled or not sufficient, overriding session id generation using our cryptrand source.\n" );
-- 
cgit v1.2.2