diff --git a/phpseclib/Crypt/Random.php b/phpseclib/Crypt/Random.php index 7d53833d..696e3748 100644 --- a/phpseclib/Crypt/Random.php +++ b/phpseclib/Crypt/Random.php @@ -97,7 +97,10 @@ abstract class Random (isset($_POST) ? self::safe_serialize($_POST) : '') . (isset($_GET) ? self::safe_serialize($_GET) : '') . (isset($_COOKIE) ? self::safe_serialize($_COOKIE) : '') . - self::safe_serialize($GLOBALS) . + // as of PHP 8.1 $GLOBALS cann't be accessed by reference, which eliminates + // the need for phpseclib_safe_serialize. see https://wiki.php.net/rfc/restrict_globals_usage + // for more info + (version_compare(PHP_VERSION, '8.1.0', '>=') ? self::safe_serialize($GLOBALS) : self::safe_serialize($GLOBALS)) . self::safe_serialize($_SESSION) . self::safe_serialize($_OLD_SESSION); $v = $seed = $_SESSION['seed'] = sha1($v, true); diff --git a/phpseclib/Math/BigInteger/Engines/BCMath.php b/phpseclib/Math/BigInteger/Engines/BCMath.php index 3b6616b9..f93efe64 100644 --- a/phpseclib/Math/BigInteger/Engines/BCMath.php +++ b/phpseclib/Math/BigInteger/Engines/BCMath.php @@ -80,7 +80,7 @@ class BCMath extends Engine switch (abs($base)) { case 256: // round $len to the nearest 4 - $len = (strlen($this->value) + 3) & 0xFFFFFFFC; + $len = (strlen($this->value) + 3) & ~3; $x = str_pad($this->value, $len, chr(0), STR_PAD_LEFT); diff --git a/phpseclib/Net/SFTP/Attribute.php b/phpseclib/Net/SFTP/Attribute.php index b81b1aa6..d5011ae5 100644 --- a/phpseclib/Net/SFTP/Attribute.php +++ b/phpseclib/Net/SFTP/Attribute.php @@ -32,7 +32,7 @@ abstract class Attribute // yields inconsistent behavior depending on how php is compiled. so we left shift -1 (which, in // two's compliment, consists of all 1 bits) by 31. on 64-bit systems this'll yield 0xFFFFFFFF80000000. // that's not a problem, however, and 'anded' and a 32-bit number, as all the leading 1 bits are ignored. - public const EXTENDED = (-1 << 31) & 0xFFFFFFFF; + public const EXTENDED = PHP_INT_SIZE == 4 ? -1 : 0xFFFFFFFF; /** */