Opened 2 years ago
Closed 2 years ago
#16072 closed defect (bug) (fixed)
phpass bundled with WordPress is not latest version
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | 3.2 |
| Component: | External Libraries | Version: | 3.1 |
| Severity: | normal | Keywords: | has-patch 3.2-early |
| Cc: |
Description
WordPress 3.1-RC2 has ver 0.2 where the latest version is 0.3.
Attachments (1)
Change History (6)
- Keywords 3.2-early added
- Milestone changed from Awaiting Review to Future Release
April 22, 2010 - There's a new revision of our PHP password hashing framework - phpass 0.3. This revision no longer requires the getmypid() PHP function (which a few shared hosting providers disable) and it supports the "$H$" hash encoding prefix (as used by phpBB3). Also, the size of an array in the C reimplementation, which is unused by the framework itself, has been corrected (thanks to Christian von Schultz for reporting the bug).
getmypid() is already removed in wordpress.
+1 to keep in sync with upstream early.
- Component changed from General to External Libraries
- Keywords has-patch added
westi is correct only minor changes.
Never the less, patch attached. The only code change is to allow $H$ hashes from phpBB3. Changed version to 0.3 / WordPress since it isn't "genuine" phpass (we removed getmypid in favour of uniqid+rand and added error suppression to is_readable).
We use 0.2 + changes from memory.
Doesn't look like we need to update this for 3.1