[wp-trac] [WordPress Trac] #10727: check /dev/urandom before accessing it
WordPress Trac
wp-trac at lists.automattic.com
Sat Sep 5 10:06:25 UTC 2009
#10727: check /dev/urandom before accessing it
--------------------------+-------------------------------------------------
Reporter: hakre | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.9
Component: General | Version: 2.8.4
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
the phpass class is using the @ error operator to suppress messages when
/dev/urandom is not accessible but does not check wether it is readable
before.
accessing such a resource on systems where it does not exists (win32/winnt
operating systems) this will lead to a warning.
this warning is suppresd by the @ operator but handeled over to the error
handler anyway. it therefore stands in the way if you implement own error
handlers and throw exceptions then like
set_error_handler(create_function('$errno, $errstr, $errfile, $errline',
'throw new ErrorException($errstr, 0, $errno, $errfile, $errline);'));
the @ operator is considered bad practice not only because of that and
it's usage should be reduced.
attached you will find a patch that is preventing errors on windows
systems (and others where /dev/urandom is not accessible) and therefore
should improve it.
I contacted the class author as well so there is a chance to have this
upstreamed.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10727>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list