Hi Niklas, On Thu, Feb 2, 2017 at 11:05 PM, Niklas Keller <m...@kelunik.com> wrote:
> 2017-02-02 14:24 GMT+01:00 Christoph M. Becker <cmbecke...@gmx.de>: > >> On 02.02.2017 at 12:51, Yasuo Ohgaki wrote: >> >> > Although users must never do this, but there are codes that generate >> random >> > password/access key by mt_rand(). >> >> There is also code that stores clear text passwords. How would you >> prevent that? >> >> IMHO, if users don't care to read the docs[1], it's their fault, and we >> shouldn't waste our time to fix their bugs. > > > While the documentation states that, it can still be improved. > > I've just submitted a patch, you can find the diff here: > https://gist.github.com/kelunik/bb534d4c4ede160d97ef17014052052a (linking > patches via edit.php.net doesn't really work, it just links to the newest > patch of a file and will break once merged). > Nice patch! I'm OK with your patch. Currently, mt_rand() value is affected by srand() in PHP 7.1. It may be described, but I think there will be new PRNG state for rand()/srand() at least, hopefully soon. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net
