[wp-trac] [WordPress Trac] #6293: phpass should use uniqid(), not getmypid()

WordPress Trac wp-trac at lists.automattic.com
Wed Mar 19 00:28:30 GMT 2008

#6293: phpass should use uniqid(), not getmypid()
 Reporter:  tellyworth  |       Owner:  anonymous
     Type:  defect      |      Status:  new      
 Priority:  normal      |   Milestone:  2.5      
Component:  General     |     Version:           
 Severity:  normal      |    Keywords:  has-patch
 class-phpass.php uses this code to generate a random string:

 $this->random_state = microtime() . getmypid();

 It shouldn't, because (a) it reinvents the uniqid() wheel, and (b)
 getmypid() is evidently disabled on some locked-down PHP installs:


 The patch changes it to call uniqid() instead.

Ticket URL: <http://trac.wordpress.org/ticket/6293>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list