Package: php5-common
Version: 5.3.2-1
Severity: important
php's crypt() function is broken. when supplying false, NULL or an
empty salt, i would expect php to generate its own salt:
> # echo "<?php echo crypt('test', false); ?>"|php -q ; echo
>
running php on debian squeeze:
> # php -v -c /etc/php5/cli/php.ini.ucf-dist
> PHP 5.3.2-1 with Suhosin-Patch (cli) (built: Mar 13 2010 22:18:25)
> Copyright (c) 1997-2009 The PHP Group
> Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
> with Suhosin v0.9.31, Copyright (c) 2007-2010, by SektionEins GmbH
everything is working as expected with the binaries from the dotdeb
mirror:
> $ echo "<?php echo crypt('test', false); ?>"|php -q ; echo
> $1$E1bI/Hct$w7nloqFXM2/GmjT5Mawb40
> $ php -v
> PHP 5.3.2-0.dotdeb.2 with Suhosin-Patch (cli) (built: Apr 20 2010 22:58:57)
> Copyright (c) 1997-2009 The PHP Group
> Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
> with Suhosin v0.9.31, Copyright (c) 2007-2010, by SektionEins GmbH
thanks,
raoul
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
