id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
10727,Update phpass to version 0.2 (check /dev/urandom before accessing it),hakre,westi,"the phpass class is using the @ error operator to suppress messages when /dev/urandom is not accessible but does not check wether it is readable before.

accessing such a resource on systems where it does not exists (win32/winnt operating systems) this will lead to a warning.

this warning is suppresd by the @ operator but handeled over to the error handler anyway. it therefore stands in the way if you implement own error handlers and throw exceptions then like

  set_error_handler(create_function('$errno, $errstr, $errfile, $errline', 'throw new ErrorException($errstr, 0, $errno, $errfile, $errline);'));

the @ operator is considered bad practice not only because of that and it's usage should be reduced.

attached you will find a patch that is preventing errors on windows systems (and others where /dev/urandom is not accessible) and therefore should improve it.

I contacted the class author as well so there is a chance to have this upstreamed.",defect (bug),closed,normal,3.0,General,2.8.4,normal,fixed,has-patch tested early,