[wp-trac] [WordPress Trac] #60638: Gravatar: Upgrade md5 hashing algorithm to sha256
WordPress Trac
noreply at wordpress.org
Tue Jan 7 00:04:16 UTC 2025
#60638: Gravatar: Upgrade md5 hashing algorithm to sha256
--------------------------------------+-----------------------------
Reporter: henry.wright | Owner: SergeyBiryukov
Type: enhancement | Status: reopened
Priority: normal | Milestone: 6.8
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses: privacy
--------------------------------------+-----------------------------
Changes (by johnbillion):
* status: closed => reopened
* resolution: fixed =>
Comment:
Re-opening this because the `hash` extension can be disabled on PHP 7.2
and 7.3, meaning `hash()` isn't guaranteed to be available. Only on PHP
7.4 and higher is it a core extension.
See https://github.com/WordPress/wordpress-develop/pull/7333#issuecomment-2574024332
where I'm waiting to see what Dion says.
The other effect that this has is not being able to use sha256 in the
`hash_hmac()` compat function in core, and we've got a few places where
this is handled:
* https://github.com/WordPress/wordpress-develop/blob/4a9a928dbcd1c91d3633c8de51614dd90d8ea0ac/src/wp-includes/class-wpdb.php#L2409-L2414
* https://github.com/WordPress/wordpress-develop/blob/4a9a928dbcd1c91d3633c8de51614dd90d8ea0ac/src/wp-includes/pluggable.php#L770-L772
* https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/pluggable.php#L873-L875
We might need to fall back to `md5()` when `hash()` isn't available.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60638#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
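
The fallback discussed in the comment above, sketched as an added example (not part of the original message and not WordPress core code). The `example_*` function names and the sample address are hypothetical; the sketch assumes Gravatar's convention of hashing the trimmed, lowercased email address.

```php
<?php
// Added illustration only; the function names below are hypothetical.

/**
 * True when hash() exists and supports the requested algorithm.
 * On PHP 7.2 and 7.3 the hash extension can be disabled, so
 * neither function can be assumed to be defined.
 */
function example_hash_algo_available( string $algo ): bool {
    return function_exists( 'hash' )
        && function_exists( 'hash_algos' )
        && in_array( $algo, hash_algos(), true );
}

/**
 * Hash an email address for an avatar lookup, preferring sha256
 * and falling back to md5() when hash() is unavailable.
 * Returns the algorithm used alongside the hex digest.
 */
function example_gravatar_hash( string $email ): array {
    // Assumed normalization: trim whitespace, then lowercase.
    $normalized = strtolower( trim( $email ) );

    if ( example_hash_algo_available( 'sha256' ) ) {
        return array(
            'algo' => 'sha256',
            'hash' => hash( 'sha256', $normalized ),
        );
    }

    // md5() is part of PHP's standard extension and is always present.
    return array(
        'algo' => 'md5',
        'hash' => md5( $normalized ),
    );
}

// Constructed sample input.
$result = example_gravatar_hash( '  User@Example.COM ' );
printf(
    "%s (%d hex chars): %s\n",
    $result['algo'],
    strlen( $result['hash'] ),
    $result['hash']
);
```

Because the digest differs between the two branches, anything that caches or compares these values needs to record which algorithm produced them.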