Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#56304 closed defect (bug) (invalid)

Deprecated function mcrypt_create_iv() after PHP 7.1 update.

Reported by: hilayt24's profile hilayt24 Owned by:
Milestone: Priority: normal
Severity: major Version:
Component: External Libraries Keywords: has-patch
Focuses: coding-standards Cc:

Description

The function mcrypt_create_iv is deprecated after PHP 7.1 and is still used in the WordPress versions.

/Users/smitrathod/local sites/wp-testing-site/app/public/wp-includes/random_compat/random_bytes_mcrypt.php	60	17	error	Function mcrypt_create_iv() is deprecated since PHP 7.1 and removed since PHP 7.2; Use random_bytes() or OpenSSL instead
/Users/smitrathod/local sites/wp-testing-site/app/public/wp-includes/random_compat/random_bytes_mcrypt.php	60	17	error	Extension 'mcrypt' is deprecated since PHP 7.1 and removed since PHP 7.2; Use openssl (preferred) or pecl/mcrypt once available instead
/Users/smitrathod/local sites/wp-testing-site/app/public/wp-includes/random_compat/random_bytes_mcrypt.php	60	54	error	The constant \MCRYPT_DEV_URANDOM\" is deprecated since PHP 7.1 and removed since PHP 7.2"

Attachments (1)

#56304.patch (528 bytes) - added by hilayt24 2 years ago.
Deprecated Function is replaced with random_bytes funciton

Download all attachments as: .zip

Change History (4)

@hilayt24
2 years ago

Deprecated Function is replaced with random_bytes funciton

#1 @hilayt24
2 years ago

  • Keywords has-patch dev-feedback added; needs-patch removed

#2 @SergeyBiryukov
2 years ago

  • Component changed from General to External Libraries
  • Keywords dev-feedback removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi there, thanks for the ticket!

random_compat is an external library, any suggested changes would need to be submitted upstream.

The attached patch would not work, as the function being patched here is itself a polyfill for random_bytes() on older PHP versions where it's not available.

Last edited 2 years ago by SergeyBiryukov (previous) (diff)

#3 @jrf
2 years ago

What @SergeyBiryukov says is correct, but more than that, if you look at the random_compat/random.php bootstrap file, you can see that the functionality of this external dependency will only ever be used on PHP 5.6.

In other words: patching this is absolutely unnecessary (and wrong).

Note: See TracTickets for help on using tickets.