[wp-trac] [WordPress Trac] #28633: Generate better random numbers

WordPress Trac noreply at wordpress.org
Sun Mar 22 23:33:48 UTC 2015


#28633: Generate better random numbers
-------------------------------------------+-----------------------------
 Reporter:  sarciszewski                   |       Owner:
     Type:  enhancement                    |      Status:  new
 Priority:  normal                         |   Milestone:  Future Release
Component:  Security                       |     Version:  trunk
 Severity:  normal                         |  Resolution:
 Keywords:  needs-testing has-patch early  |     Focuses:
-------------------------------------------+-----------------------------
Changes (by dd32):

 * keywords:  needs-testing has-patch => needs-testing has-patch early
 * severity:  major => normal
 * milestone:  Awaiting Review => Future Release


Comment:

 I'd prefer to land these changes at the start of a cycle, to allow for
 full testing by everyone and to surface any issues from reliance upon any
 of the functions.

 Based on the PHP7 RFC, which looks like it'll succeed, we should change
 the direction of the patch to simply provide a compat layer for the PHP7
 function signatures instead, which will benefit us in the long term.

 The changes:
  - `wp_external_random_bytes()` -> `random_bytes()` not sure if the byte
 length changes, or if it's a required param.
  - `wp_external_rand()` -> `random_int()` which also needs to support
 negative numbers, i.e. `random_int( -1000, -10 )` should work.
  - `wp_external_random_positive_int()` becomes an internal private
 function, only defined when the wrapper for random_int is, however it
 might not even be needed based on the negative number support for
 `random_int()`

--
Ticket URL: <https://core.trac.wordpress.org/ticket/28633#comment:40>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
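
An added example, not part of the ticket, its patch, or WordPress core: one way a `random_int()`-style wrapper can accept negative bounds such as `random_int( -1000, -10 )` without introducing bias. `compat_random_int()` is a hypothetical name, and the sketch assumes `random_bytes()` is already available as the CSPRNG byte source.

```php
<?php
// Added illustration; compat_random_int() is a hypothetical name, not WordPress code.
// Assumption: random_bytes() exists (PHP 7+ or a polyfill) and is backed by a CSPRNG.
function compat_random_int( $min, $max ) {
    if ( ! is_int( $min ) || ! is_int( $max ) ) {
        throw new InvalidArgumentException( 'min and max must be integers' );
    }
    if ( $min > $max ) {
        throw new InvalidArgumentException( 'min must not exceed max' );
    }
    if ( $min === $max ) {
        return $min;
    }
    // Width of the interval. For negative bounds such as (-1000, -10) this is
    // still a positive count (990), so sampling happens in [0, $range].
    $range = $max - $min;
    if ( ! is_int( $range ) ) {
        // An overflowing subtraction is promoted to float; refuse it here.
        throw new RangeException( 'interval wider than PHP_INT_MAX is not handled' );
    }
    // Smallest all-ones bit mask covering $range, and the bytes needed to fill it.
    $bits = 0;
    $mask = 0;
    while ( $mask < $range ) {
        $mask = ( $mask << 1 ) | 1;
        $bits++;
    }
    $bytes = (int) ceil( $bits / 8 );
    // Rejection sampling: discard draws above $range instead of reducing them
    // with modulo, which would favour the low end of the interval.
    do {
        $value = 0;
        foreach ( str_split( random_bytes( $bytes ) ) as $char ) {
            $value = ( $value << 8 ) | ord( $char );
        }
        $value &= $mask;
    } while ( $value > $range );
    return $min + $value;
}

// Constructed check: every draw from the ticket's example range stays inside it.
for ( $i = 0; $i < 10000; $i++ ) {
    $n = compat_random_int( -1000, -10 );
    if ( $n < -1000 || $n > -10 ) {
        throw new LogicException( "out of range: $n" );
    }
}
```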

