[wp-trac] [WordPress Trac] #28633: Generate better random numbers
WordPress Trac
noreply at wordpress.org
Wed Jun 25 16:16:13 UTC 2014
#28633: Generate better random numbers
--------------------------+------------------------------
Reporter: sarciszewski | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by sarciszewski):
Okay, SVN is giving me a headache. Here's the pull request on github. I
give up on trying to figure out how to work SVN/Trac.
https://github.com/WordPress/WordPress/pull/84
Basically, this adds a wp_secure_rand() function that takes 1 parameter
(the number of bytes desired) and returns a raw binary stream. This should
be use in place of rand(), mt_rand(), uniqid(), etc in places where the
unpredictability of the output matters to security. (e.g. password resets)
I've also patched wp_rand() to call this function internally, so that all
random numbers generated by wp_rand() benefit from this greater security.
Where possible, I tried to make changes seamless to developers.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28633#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list