[wp-trac] [WordPress Trac] #28633: Generate better random numbers
WordPress Trac
noreply at wordpress.org
Wed Sep 23 03:48:37 UTC 2015
#28633: Generate better random numbers
-------------------------------------------+------------------------
Reporter: sarciszewski | Owner: dd32
Type: enhancement | Status: reviewing
Priority: normal | Milestone: 4.4
Component: Security | Version:
Severity: normal | Resolution:
Keywords: needs-testing has-patch early | Focuses:
-------------------------------------------+------------------------
Comment (by dd32):
[attachment:28633.diff] is tested against PHP 5.6 & PHP7-RC3 (this patch
doesn't include the random_compat library itself though, for easier
review).
A few things to note:
- `wp_rand()` always returns positive numbers, even if a negative range
is offered
- `wp_rand()` accepts the parameters in either order
- streamlined the `try {} catch {} catch {}` to avoid needing to use
version comparisons
The only issue I noted in the compat library is that PHP7's
`random_int()` claims to accept Integers, but accepts numeric types
(floats/numeric strings) happily, and it appears that `wp_rand()` probably
does too. As such,
https://github.com/paragonie/random_compat/compare/master...dd32:compat-types?expand=1
is my work-in-progress at allowing it.
I was delayed in testing this thanks to conferences & the PHP7 packages
being delayed. (I'm testing using
[https://webtatic.com/news/tag/php/ Webtatic PHP7 packages] for
CentOS/RHEL 6, in case anyone wants to also verify my experience.)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28633#comment:52>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform