Edit report at http://bugs.php.net/bug.php?id=55036&edit=1
ID: 55036
User updated by: ss23 at ss23 dot geek dot nz
Reported by: ss23 at ss23 dot geek dot nz
Summary: Have crypt() throw E_WARNING when salt parameter
missing
Status: Open
Type: Feature/Change Request
Package: *Encryption and hash functions
PHP Version: Irrelevant
Block user comment: N
Private report: N
New Comment:
Another possible way to "fix" the security risk here would be to choose a sane
hash as a default. Now that they're built in, it shouldn't be a problem to do
this.
Previous Comments:
------------------------------------------------------------------------
[2011-06-11 21:00:55] ss23 at ss23 dot geek dot nz
Description:
------------
Currently, you can call crypt('foo') without any problems, however, given how
useless that is for anything, it's a security risk if someone was actually to
do
this.
Test script:
---------------
<?php
crypt('foo');
Expected result:
----------------
Warning: crypt() expects at least 2 parameters, 1 given
Actual result:
--------------
Works fine
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=55036&edit=1
