From: Alexander Ebert Date: Sun, 16 Jun 2024 11:31:00 +0000 (+0200) Subject: Simplify the generation of HTML node identifiers X-Git-Tag: 6.1.0_Alpha_1~61 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3b9604d543c71f5626b62d8a72763020e6658132;p=GitHub%2FWoltLab%2FWCF.git Simplify the generation of HTML node identifiers We do not to generate completely random identifiers, the original intention was to prevent collisions with existing tag names. Using a per-request random prefix together with a counter is sufficient to generate unique tag names without paying the CSPRNG tax for ever node. --- diff --git a/wcfsetup/install/files/lib/system/html/node/AbstractHtmlNodeProcessor.class.php b/wcfsetup/install/files/lib/system/html/node/AbstractHtmlNodeProcessor.class.php index 6ef44f7e32..c082a869db 100644 --- a/wcfsetup/install/files/lib/system/html/node/AbstractHtmlNodeProcessor.class.php +++ b/wcfsetup/install/files/lib/system/html/node/AbstractHtmlNodeProcessor.class.php @@ -370,18 +370,17 @@ abstract class AbstractHtmlNodeProcessor implements IHtmlNodeProcessor */ public function getWcfNodeIdentifer(): array { - static $engine = null; - - if ($engine === null) { - if (\class_exists(\Random\Engine\Xoshiro256StarStar::class, false)) { - $randomizer = new \Random\Randomizer(new \Random\Engine\Xoshiro256StarStar()); - $engine = static fn () => \bin2hex($randomizer->getBytes(16)); - } else { - $engine = static fn () => \bin2hex(\random_bytes(16)); - } + static $counter = 0; + static $prefix = null; + + if ($prefix === null) { + // The `x` is appended to visually separate the prefix and the + // counter to aid in debugging in case the random prefix ends with + // one or more numeric characters. + $prefix = \bin2hex(\random_bytes(16)) . 'x'; } - $identifier = $engine(); + $identifier = $prefix . $counter++; return [$identifier, "wcfNode-{$identifier}"]; }