[Done v155] Uninitialized string offset in function zen_random_name()

[Dave224]

Note: low priority! Received a "PHP Notice: Uninitialized string offset: 26" and many "PHP Notice: String offset cast occurred" while debugging a download problem. The code is in includes/modules/pages/download_header_php.php and has existed since at least version 1.5.1. In function zen_random_name() around line 81 a random number between 1 and 26 is generated to use as an offset in a string of letters from a to z. The random number should be between 0 and 25 I believe, since a sting offset of 0 would be the letter "a" and an offset of 25 would be the letter "z". Changing the arguments of zen_rand from 1,26 to 0,25 should correct the problem.

The string offset cast is generated because since PHP 5.4, a notice is generated when the string offset is not an integer. Floor generates a float. Perhaps the function intval should replace floor, or enclose the entire expression, or cast with (int). I enclosed the entire expression with intval and the cast offset notices did not reappear.

Sorry to bother you with such a low priority issue but thought you should know.

[DrByte]

Agreed. Fortunately it doesn't significantly reduce entropy.

Corrected code, included in v1.5.5 since the 03-22-2016 zip, reads:

Code:

function zen_random_name()
{
  $letters = 'abcdefghijklmnopqrstuvwxyz';
  $dirname = '.';
  if (defined('DOWNLOADS_SKIP_DOT_PREFIX_ON_REDIRECT') && DOWNLOADS_SKIP_DOT_PREFIX_ON_REDIRECT === TRUE) $dirname = '';
  $length = floor(zen_rand(16,20));
  for ($i = 1; $i <= $length; $i++) {
    $q = floor(zen_rand(0,25));
    $dirname .= $letters[$q];
  }
  return $dirname;
}

Affects ZC versions 1.5.2 to 1.5.4 (well, prior versions too, but versions older than v152 don't run properly on PHP 5.4)