Update phpass to version 0.2 (check /dev/urandom before accessing it)
| Reported by: | hakre | Owned by: | westi |
| Severity: | normal | Keywords: | has-patch tested early |
the phpass class is using the @ error operator to suppress messages when /dev/urandom is not accessible but does not check whether it is readable before.
accessing such a resource on systems where it does not exist (win32/winnt operating systems) will lead to a warning.
this warning is suppressed by the @ operator but handed over to the error handler anyway. it therefore stands in the way if you implement own error handlers and throw exceptions then like
set_error_handler(create_function('$errno, $errstr, $errfile, $errline', 'throw new ErrorException($errstr, 0, $errno, $errfile, $errline);'));
the @ operator is considered bad practice not only because of that and its usage should be reduced.
attached you will find a patch that is preventing errors on windows systems (and others where /dev/urandom is not accessible) and therefore should improve it.
I contacted the class author as well so there is a chance to have this upstreamed.
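The behaviour described in the report, as an added example that is not part of the ticket, the attached patch, or phpass itself: a throwing error handler still fires on an `@`-suppressed `fopen()`, while an `is_readable()` check avoids the warning entirely. The function names and the missing path are hypothetical, and the handler is written as a closure (PHP 5.3+) rather than with `create_function`.

```php
<?php
// Added example; function names and the sample path are hypothetical.

// Handler from the ticket's scenario: every PHP warning becomes an exception.
set_error_handler(function ($errno, $errstr, $errfile, $errline) {
    throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
});

// Unguarded pattern: @ hides the warning from output, but the custom
// handler registered above is still invoked.
function read_entropy_unguarded($path, $count)
{
    $output = '';
    if (($fh = @fopen($path, 'rb'))) {
        $output = fread($fh, $count);
        fclose($fh);
    }
    return $output;
}

// Guarded pattern: test readability first, so a missing device raises nothing.
function read_entropy_guarded($path, $count)
{
    $output = '';
    if (is_readable($path) && ($fh = fopen($path, 'rb'))) {
        $output = fread($fh, $count);
        fclose($fh);
    }
    return $output;
}

// Constructed path standing in for /dev/urandom on a system that lacks it.
$missing = __DIR__ . '/no-such-device';

try {
    read_entropy_unguarded($missing, 16);
    echo "unguarded: no exception\n";
} catch (ErrorException $e) {
    echo "unguarded: handler fired despite @\n";
}

$bytes = read_entropy_guarded($missing, 16);
echo "guarded: read " . strlen($bytes) . " bytes without raising a warning\n";

// A short read means no OS entropy was obtained; the caller should treat
// that as an error instead of silently using a weaker source.
if (strlen($bytes) < 16) {
    echo "guarded: entropy source unavailable, caller must handle this\n";
}
```

The guarded version removes the noise for custom error handlers, but the empty return value still has to be handled by whatever consumes the random bytes.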
Change History (14)
- Keywords needs-patch added; has-patch removed
- Summary changed from check /dev/urandom before accessing it to Update phpass to version 0.2 (check /dev/urandom before accessing it)