The Entropy builds of PHP can truncate ints instead of overflowing as floats. That misbehavior breaks wp_rand(), wp_generate_password(), and Jetpack.
Author: | Automattic (profile at wordpress.org) |
WordPress version required: | 3.0 |
WordPress version tested: | 3.4.2 |
Plugin version: | 0.1 |
Added to WordPress repository: | 15-12-2011 |
Last updated: | 05-09-2014
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
|
Rating, %: | 100 |
Rated by: | 2 |
Plugin URI: | http://wordpress.org/extend/plugins/wp-rand-f... |
Total downloads: | 386 |
Click to start download |
This plugin is not needed as of WordPress 3.5: https://core.trac.wordpress.org/changeset/21685
On some 32bit hosts, the Entropy builds of PHP truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them as floats.
This can cause wp_rand()
to return a value outside the requested range. That unexpected value in turn breaks wp_generate_password()
, which can have security ramifications.
Of particular note to this plugin's authors, the bug prevents Jetpack from functioning.
This plugin works around the bug by redefining the pluggable wp_rand()
function. In the redefinition, large integers are expressed as strings and cast to floats, rather than as ints.