Opened 13 years ago
Closed 13 years ago
#16072 closed defect (bug) (fixed)
phpass bundled with WordPress is not latest version
Reported by: | thee17 | Owned by: | |
---|---|---|---|
Milestone: | 3.2 | Priority: | normal |
Severity: | normal | Version: | 3.1 |
Component: | External Libraries | Keywords: | has-patch 3.2-early |
Focuses: | Cc: |
Description
WordPress 3.1-RC2 has ver 0.2 where the latest version is 0.3.
Attachments (1)
Change History (6)
#1
follow-up:
↓ 2
@
13 years ago
- Keywords 3.2-early added
- Milestone changed from Awaiting Review to Future Release
#2
in reply to:
↑ 1
@
13 years ago
April 22, 2010 - There's a new revision of our PHP password hashing framework - phpass 0.3. This revision no longer requires the getmypid() PHP function (which a few shared hosting providers disable) and it supports the "$H$" hash encoding prefix (as used by phpBB3). Also, the size of an array in the C reimplementation, which is unused by the framework itself, has been corrected (thanks to Christian von Schultz for reporting the bug).
getmypid() is already removed in wordpress.
+1 to keep in sync with upstream early.
#3
@
13 years ago
- Component changed from General to External Libraries
- Keywords has-patch added
westi is correct only minor changes.
Never the less, patch attached. The only code change is to allow $H$ hashes from phpBB3. Changed version to 0.3 / WordPress since it isn't "genuine" phpass (we removed getmypid in favour of uniqid+rand and added error suppression to is_readable).
We use 0.2 + changes from memory.
Doesn't look like we need to update this for 3.1