[wp-trac] [WordPress Trac] #10727: check /dev/urandom before accessing it

WordPress Trac wp-trac at lists.automattic.com
Sat Sep 5 10:06:25 UTC 2009


#10727: check /dev/urandom before accessing it
--------------------------+-------------------------------------------------
 Reporter:  hakre         |       Owner:       
     Type:  defect (bug)  |      Status:  new  
 Priority:  normal        |   Milestone:  2.9  
Component:  General       |     Version:  2.8.4
 Severity:  normal        |    Keywords:       
--------------------------+-------------------------------------------------
 the phpass class is using the @ error operator to suppress messages when
 /dev/urandom is not accessible but does not check wether it is readable
 before.

 accessing such a resource on systems where it does not exists (win32/winnt
 operating systems) this will lead to a warning.

 this warning is suppresd by the @ operator but handeled over to the error
 handler anyway. it therefore stands in the way if you implement own error
 handlers and throw exceptions then like

   set_error_handler(create_function('$errno, $errstr, $errfile, $errline',
 'throw new ErrorException($errstr, 0, $errno, $errfile, $errline);'));

 the @ operator is considered bad practice not only because of that and
 it's usage should be reduced.

 attached you will find a patch that is preventing errors on windows
 systems (and others where /dev/urandom is not accessible) and therefore
 should improve it.

 I contacted the class author as well so there is a chance to have this
 upstreamed.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10727>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list