Bug #25874
Security Randomizer produces a Warning on Windows if openssl_* is not available
| Status: | Resolved | Start date: | 2011-04-11 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assigned To: | Andreas Förthner | % Done: | 100% |
|
| Category: | Security | |||
| Target version: | - | |||
| PHP Version: | Complexity: | |||
| Has patch: | Affected Flow version: |
Description
In line 166ff of the Security_Randomizer script we're currently using to create the CSRF tokens a random string is generated with following command:
$fp = @fopen('/dev/urandom', 'rb')
Despite of the Error Control Operator a warning is produced that leads to an exception in Development mode.
We should check the OS here or try the windows commands first..
Associated revisions
[+BUGFIX] Security Randomizer produces a Warning on Windows
If openssl is not available, the 3rd party script we're using to
generate random bytes executes
$fp = @fopen('/dev/urandom', 'rb')
Despite of the Error Control Operator a warning is produced that
leads to an exception in Development mode.
This is fixed by checking the OS here and only execute those lines
on unix based systems.
Note: As this is a 3rd party script we need to contact the author
regarding this change!
Change-Id: I7bc25437000c982083003926eaeb4d1f71f4e007
Fixes: #25874
History
#1 Updated by Mr. Hudson over 4 years ago
Patch set 1 of change I7bc25437000c982083003926eaeb4d1f71f4e007 has been pushed to the review server.
It is available at http://review.typo3.org/1606
#2 Updated by Bastian Waidelich over 4 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Applied in changeset c8e21cdf742af924b21105eab5d0675e25e1cb5b.