The Entropy builds of PHP can truncate ints instead of overflowing as floats. That misbehavior breaks wp_rand(), wp_generate_password(), and Jetpack.
| Author: | Automattic (profile at wordpress.org) |
| WordPress version required: | 3.0 |
| WordPress version tested: | 3.4.2 |
| Plugin version: | 0.1 |
| Added to WordPress repository: | 15-12-2011 |
| Last updated: | 05-09-2014. Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. |
| Rating, %: | 100 |
| Rated by: | 2 |
| Plugin URI: | http://wordpress.org/extend/plugins/wp-rand-f... |
| Total downloads: | 386 |
This plugin is not needed as of WordPress 3.5: https://core.trac.wordpress.org/changeset/21685
On some 32-bit hosts, the Entropy builds of PHP truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them as floats.
This can cause wp_rand() to return a value outside the requested range. That unexpected value in turn breaks wp_generate_password(), which can have security ramifications.
Of particular note to this plugin's authors, the bug prevents Jetpack from functioning.
This plugin works around the bug by redefining the pluggable wp_rand() function. In the redefinition, large integers are expressed as strings and cast to floats, rather than as ints.
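
The failure mode and the workaround described above, as an added PHP illustration (not the plugin's or WordPress core's code). `scale_to_range()`, `build_password()` and the other helpers are hypothetical stand-ins; they assume wp_rand() scales a 32-bit random value by the constant 4294967295 and that the password is built by indexing a character set, and the truncated constant is simulated so the script shows the same effect on unaffected hosts.

```php
<?php
// Added illustration: hypothetical helpers, not WordPress core or plugin code.

// Assumed scaling step: map a 32-bit random $value into [$min, $max], where
// $max_random is the largest value the random source can produce.
function scale_to_range($value, $min, $max, $max_random) {
    return (int) abs($min + ($max - $min + 1) * $value / ($max_random + 1));
}

// What an affected 32-bit build stores when the source says 4294967295.
const TRUNCATED_MAX = 2147483647; // PHP_INT_MAX on 32-bit

// The workaround described above: write the number as a string, cast to float.
function safe_max_random() {
    return (float) '4294967295';
}

// True only on an interpreter that truncates oversized integer literals.
function literal_is_truncated() {
    return 4294967295 === 2147483647;
}

// Assumed password loop: one random value selects one character of $chars.
function build_password(array $random_values, $chars, $max_random) {
    $out = '';
    foreach ($random_values as $v) {
        $idx = scale_to_range($v, 0, strlen($chars) - 1, $max_random);
        // An index past the end of $chars contributes no character.
        $out .= (string) substr($chars, $idx, 1);
    }
    return $out;
}

$chars  = 'abcdefghijklmnopqrstuvwxyz0123456789';
// Constructed sample values spanning the 32-bit range.
$values = [0x10000000, 0x7fffffff, 0x80000000, 0xc0000000, 0xffffffff];

echo 'literal truncated on this host: ';
var_dump(literal_is_truncated());
foreach (['truncated' => TRUNCATED_MAX, 'workaround' => safe_max_random()] as $label => $m) {
    $pw = build_password($values, $chars, $m);
    printf("%-10s requested=%d got=%d\n", $label, count($values), strlen($pw));
}
```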
