[wp-trac] [WordPress Trac] #51549: Updat to phpass 0.5
WordPress Trac
noreply at wordpress.org
Fri Oct 16 05:54:14 UTC 2020
#51549: Updat to phpass 0.5
--------------------------------+-----------------------------------
Reporter: ayeshrajans | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: External Libraries | Version:
Severity: normal | Keywords: has-patch 2nd-opinion
Focuses: |
--------------------------------+-----------------------------------
WordPress currently uses PHPass library version 0.3.
This is over 10 years old now, and the latest version is 0.5. It doesn't
dramatically improve the password hashing mechanism as it would have with
a `password_hash` migration. However, I believe updating 0.5 still brings
some strict comparison improvements made in the new version.
https://www.openwall.com/phpass/
WordPress's copy of phpass [https://github.com/WordPress/wordpress-
develop/commits/master/src/wp-includes/class-phpass.php was modified over
time].
- [https://github.com/WordPress/wordpress-
develop/commit/4a60647ab7c71844e23ff74c839c6e7e90c73892#diff-
7e4ad7f3339a9b11e6cccdab902264a1e059a39afb66ed2ece0c6e3995ab78a1 Add a PHP
4-style constructor compat]
- [https://github.com/WordPress/wordpress-
develop/commit/24cc3db43a23eab578d66877287bd84d27611a2c#diff-
7e4ad7f3339a9b11e6cccdab902264a1e059a39afb66ed2ece0c6e3995ab78a1 Ending
PHP tag removal]
- [https://github.com/WordPress/wordpress-
develop/commit/aec2f2654eb9461ff9b891fb0bfa2038fc4a381b#diff-
7e4ad7f3339a9b11e6cccdab902264a1e059a39afb66ed2ece0c6e3995ab78a1 Limit
password length to 4096 bytes]
All changes need to be rebased to the version 0.5 as well.
(patch to follow)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51549>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list