WordPress.org

Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#16072 closed defect (bug) (fixed)

phpass bundled with WordPress is not latest version

Reported by: thee17 Owned by:
Milestone: 3.2 Priority: normal
Severity: normal Version: 3.1
Component: External Libraries Keywords: has-patch 3.2-early
Focuses: Cc:

Description

WordPress 3.1-RC2 has ver 0.2 where the latest version is 0.3.

Attachments (1)

16072.diff (1.1 KB) - added by duck_ 10 years ago.

Download all attachments as: .zip

Change History (6)

#1 follow-up: @westi
10 years ago

  • Keywords 3.2-early added
  • Milestone changed from Awaiting Review to Future Release

We use 0.2 + changes from memory.

Doesn't look like we need to update this for 3.1

#2 in reply to: ↑ 1 @hakre
10 years ago

from the news:

April 22, 2010 - There's a new revision of our PHP password hashing framework - phpass 0.3. This revision no longer requires the getmypid() PHP function (which a few shared hosting providers disable) and it supports the "$H$" hash encoding prefix (as used by phpBB3). Also, the size of an array in the C reimplementation, which is unused by the framework itself, has been corrected (thanks to Christian von Schultz for reporting the bug).

getmypid() is already removed in wordpress.

+1 to keep in sync with upstream early.

#3 @duck_
10 years ago

  • Component changed from General to External Libraries
  • Keywords has-patch added

westi is correct only minor changes.

Never the less, patch attached. The only code change is to allow $H$ hashes from phpBB3. Changed version to 0.3 / WordPress since it isn't "genuine" phpass (we removed getmypid in favour of uniqid+rand and added error suppression to is_readable).

@duck_
10 years ago

#4 @ryan
10 years ago

  • Milestone changed from Future Release to 3.2

#5 @ryan
10 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [17678]) Update phpass. Props duck_. fixes #16072

Note: See TracTickets for help on using tickets.