mahara-contributors team mailing list archive

[Rob Slagter <1715198@xxxxxxxxxxxxxxxxxx>]

** Description changed:

- Remove check for low security (i.e. not random enough) session IDs on ini variable session.entropy_length which is removed in php7.1. This check is done in mahara/htdocs/lib/upgrade.php 
+ Remove check for low security (i.e. not random enough) session IDs on ini variable session.entropy_length which is removed in php7.1. This check is done in mahara/htdocs/lib/upgrade.php
  +  [ ] // Check for low security (i.e. not random enough) session IDs
  +    if ((int)ini_get('session.entropy_length') < 16) {
  +        $warnings[] = get_string('notenoughsessionentropy', 'error');
  +    }
  +
+ Necessary should be a check on php version and to code for this version something to verify that the current setting of session.save_path is correct.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1715198

Title:
  PHP  ini variable session.entropy_length removed in php7.1

Status in Mahara:
  New

Bug description:
  Remove check for low security (i.e. not random enough) session IDs on ini variable session.entropy_length which is removed in php7.1. This check is done in mahara/htdocs/lib/upgrade.php
  +  [ ] // Check for low security (i.e. not random enough) session IDs
  +    if ((int)ini_get('session.entropy_length') < 16) {
  +        $warnings[] = get_string('notenoughsessionentropy', 'error');
  +    }
  +
  Necessary should be a check on php version and to code for this version something to verify that the current setting of session.save_path is correct.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1715198/+subscriptions