Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[5.4] Use str_random() for generating file names #16193

Merged
merged 6 commits into from
Nov 2, 2016
Merged

[5.4] Use str_random() for generating file names #16193

merged 6 commits into from
Nov 2, 2016

Conversation

themsaid
Copy link
Member

In reference to laravel/ideas#161

@taylorotwell
Copy link
Member

Looks like you're missing a namespace import?

@themsaid
Copy link
Member Author

Fixed, sorry. Was submitting to 5.3 first and changed branch looks like I dropped this import.

@@ -46,6 +48,6 @@ public function hashName($path = null)
$path = rtrim($path, '/').'/';
}

return $path.md5_file($this->getRealPath()).'.'.$this->guessExtension();
return $path.Uuid::uuid4()->toString().'.'.$this->guessExtension();
Copy link
Contributor

@lucasmichot lucasmichot Oct 31, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@themsaid this is a great new addition.
Nevertheless md5 is great as it only contains hexadecimals, and allows to structure the filename splitting parts of its name:

0123456789abcdef.jpg => 01/23/45/67/89/ab/cd/ef.jpg

But UUID4 also contains -.

I believe this character could be removed for readability purpose?

str_replace('-', '',  Uuid::uuid4()->toString())...

Also I think the docblock can be updated

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's fine with me to strip dashes.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or just use str_random(32)

Copy link
Contributor

@vlakoff vlakoff Oct 31, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or simply:

bin2hex(random_bytes(16))

(as a bonus: real 128 bits entropy, instead of 122 with UUID4 because of reserved bits.)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think a UUID is more likely to be unique than random_bytes, right? UUID's strength is uniqueness, random_bytes's strength is cryptographically secure randomness.

Copy link
Contributor

@vlakoff vlakoff Nov 1, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ramsey/uuid just uses random_bytes() too, see RandomBytesGenerator.

In fact my code above is just the removal of a bunch of classes, factories, generators, etc. It is an equivalent code without all the winter layers.

@antonkomarev
Copy link
Contributor

antonkomarev commented Nov 1, 2016

Isn't getHex() method doing the same job as strip dashes commit?
https://github.com/ramsey/uuid/blob/master/src/Uuid.php#L357

@antonkomarev
Copy link
Contributor

antonkomarev commented Nov 1, 2016

And I have one note about UUIDv4 uniqueness. I had an experience couple of years ago with this package in high load advertisement tracking system. All clicks were marked with UUIDv4, after half of a year I found that there were ~3% of ID duplications. After that I'm always trying to use UUIDv5 when I want to make really unique value, but it require to generate namespace UUID first.

Copy link
Member

@GrahamCampbell GrahamCampbell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think a UUID is more likely to be unique than random_bytes, right?

No, basically.

@@ -46,6 +48,6 @@ public function hashName($path = null)
$path = rtrim($path, '/').'/';
}

return $path.md5_file($this->getRealPath()).'.'.$this->guessExtension();
return $path.Uuid::uuid4()->toString().'.'.$this->guessExtension();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or just use str_random(32)

@vlakoff
Copy link
Contributor

vlakoff commented Nov 1, 2016

or just use str_random(32)

I thought about this, but maybe it's not a good idea because of inconsistencies on case-sensitive vs. case-insensitive filesystems.

@GrahamCampbell
Copy link
Member

I thought about this, but maybe it's not a good idea because of inconsistencies on case-sensitive vs. case-insensitive filesystems.

Just lowercase the output of the function?

@vlakoff
Copy link
Contributor

vlakoff commented Nov 2, 2016

The result would be unevenly distributed (bias towards letters), still it would have more entropy than my above solution, so it might be better, technically.

Just as a reminder, these kinds of discussions are endless ;)

@GrahamCampbell
Copy link
Member

Just use str_random, and we're done. No need to f**k about with uuids.

@taylorotwell
Copy link
Member

Graham does make a good point 😄

@themsaid themsaid changed the title [5.4] Use UUID for generating file names [5.4] Use str_random() for generating file names Nov 2, 2016
@taylorotwell taylorotwell merged commit 5f55fec into laravel:master Nov 2, 2016
@vlakoff
Copy link
Contributor

vlakoff commented Nov 2, 2016

I had an example in mind for the lowercase need.

If you do path splitting as lucasmichot said above:
abcdef.jpg => ab/cd/ef.jpg
ABCDeh.jpg => ab/cd/eh.jpg (windows reuse existing paths)

If you share some data between windows and linux servers, you're very likely to encounter issues.

I think we should really apply a strtolower().

@jeroennoten
Copy link
Contributor

Just write your own file storing procedure if you need something different, it's not hard. This methods exists really only for convenience.

@vlakoff
Copy link
Contributor

vlakoff commented Nov 2, 2016

Refs the subsequent 5811bc3. 😄

@vlakoff
Copy link
Contributor

vlakoff commented Nov 22, 2016

Documentation needs to be updated: https://laravel.com/docs/master/filesystem#file-uploads.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants