[wp-trac] [WordPress Trac] #6293: phpass should use uniqid(),
not getmypid()
WordPress Trac
wp-trac at lists.automattic.com
Wed Mar 19 00:28:30 GMT 2008
#6293: phpass should use uniqid(), not getmypid()
------------------------+---------------------------------------------------
Reporter: tellyworth | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.5
Component: General | Version:
Severity: normal | Keywords: has-patch
------------------------+---------------------------------------------------
class-phpass.php uses this code to generate a random string:
{{{
$this->random_state = microtime() . getmypid();
}}}
It shouldn't, because (a) it reinvents the uniqid() wheel, and (b)
getmypid() is evidently disabled on some locked-down PHP installs:
http://wordpress.org/support/topic/162121?replies=2
The patch changes it to call uniqid() instead.
--
Ticket URL: <http://trac.wordpress.org/ticket/6293>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list