[wp-trac] [WordPress Trac] #6293: phpass should use uniqid(), not getmypid()

WordPress Trac wp-trac at lists.automattic.com
Wed Mar 19 00:28:30 GMT 2008


#6293: phpass should use uniqid(), not getmypid()
------------------------+---------------------------------------------------
 Reporter:  tellyworth  |       Owner:  anonymous
     Type:  defect      |      Status:  new      
 Priority:  normal      |   Milestone:  2.5      
Component:  General     |     Version:           
 Severity:  normal      |    Keywords:  has-patch
------------------------+---------------------------------------------------
 class-phpass.php uses this code to generate a random string:

 {{{
 $this->random_state = microtime() . getmypid();
 }}}

 It shouldn't, because (a) it reinvents the uniqid() wheel, and (b)
 getmypid() is evidently disabled on some locked-down PHP installs:

 http://wordpress.org/support/topic/162121?replies=2

 The patch changes it to call uniqid() instead.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/6293>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list