mahara-contributors team mailing list archive

Thread
Date

[Bug 1715198] Re: PHP ini variable session.entropy_length removed in php7.1

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Kristina Hoeppner <1715198@xxxxxxxxxxxxxxxxxx>
Date: Tue, 17 Oct 2017 22:58:21 -0000
Reply-to: Bug 1715198 <1715198@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi Rob,

We will look into fixing this. Currently, Mahara does not support PHP
7.1 though (only up to PHP 7.0).

Cheers
Kristina


** Changed in: mahara
    Milestone: None => 18.04.0

** Changed in: mahara
   Importance: Undecided => Medium

** Changed in: mahara
       Status: New => Confirmed

** Tags added: php71

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1715198

Title:
  PHP  ini variable session.entropy_length removed in php7.1

Status in Mahara:
  Confirmed

Bug description:
  Remove check for low security (i.e. not random enough) session IDs on ini variable session.entropy_length which is removed in php7.1. This check is done in mahara/htdocs/lib/upgrade.php
  +  [ ] // Check for low security (i.e. not random enough) session IDs
  +    if ((int)ini_get('session.entropy_length') < 16) {
  +        $warnings[] = get_string('notenoughsessionentropy', 'error');
  +    }
  +
  Necessary should be a check on php version and to code for this version something to verify that the current setting of session.save_path is correct.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1715198/+subscriptions

References

[Bug 1715198] [NEW] PHP ini variable session.entropy_length removed in php7.1
From: Rob Slagter, 2017-09-05