WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#34948 closed defect (bug) (fixed)

Update random_compat for "Don't instantiate COM if it's a disabled class"

Reported by: ocean90 Owned by: dd32
Milestone: 4.4.1 Priority: normal
Severity: minor Version: 4.4
Component: External Libraries Keywords:
Focuses: Cc:
PR Number:

Description

From https://wordpress.org/support/topic/read-this-first-wordpress-44-master-list?replies=4#post-7753846

Warning: com() has been disabled for security reasons in D:\...\wp-includes\random_compat\random.php on line 94 - Solution: Try replacing the /wp-includes/random_compat/random.php file with this one: https://raw.githubusercontent.com/paragonie/random_compat/b3cbb3782fc25f0b3154a89d896d81d99b87cfa3/lib/random.php

See https://github.com/paragonie/random_compat/issues/79

Change History (6)

#1 @dd32
4 years ago

In 35922:

Update random_compat to latest master (~1.1.5)
Changes:

  • Checks disable_classes for COM() before using to avoid PHP Warnings
  • Uses stream_set_chunk_size() to avoid reading 8KiB from /dev/urandom unintentionally.

See #34948

This ticket was mentioned in Slack in #core by peterwilsoncc. View the logs.


4 years ago

#3 @peterwilsoncc
4 years ago

Last edited 4 years ago by peterwilsoncc (previous) (diff)

#4 @jorbin
4 years ago

  • Owner set to dd32
  • Status changed from new to assigned

This ticket was mentioned in Slack in #core by johnbillion. View the logs.


4 years ago

#6 @dd32
4 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 36058:

Update random_compat to latest
Changes:

  • Checks disable_classes for COM() before using to avoid PHP Warnings
  • Uses stream_set_chunk_size() to avoid reading 8KiB from /dev/urandom unintentionally.

Merges [35922] to the 4.4 branch.

Fixes #34948.

Note: See TracTickets for help on using tickets.