[wp-trac] [WordPress Trac] #10727: Update phpass to version 0.2 (check /dev/urandom before accessing it)
WordPress Trac
wp-trac at lists.automattic.com
Mon Sep 28 14:40:20 UTC 2009
#10727: Update phpass to version 0.2 (check /dev/urandom before accessing it)
--------------------------+-------------------------------------------------
Reporter: hakre | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.9
Component: General | Version: 2.8.4
Severity: normal | Keywords: needs-patch
--------------------------+-------------------------------------------------
Comment(by hakre):
second patch is upgrading to the actual version. one part of the file has
been untouched:
{{{
$this->random_state = microtime() . (function_exists('getmypid') ?
getmypid() : '') . uniqid(rand(), TRUE);
}}}
The original code does not check for getmypid here. I assume this check is
made because some hosters might disable that function. I suggest to put
that into pluggable or into some other layer sothat the class can be kept
untouched and the fix is provided globally.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10727#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list