mahara-contributors team mailing list archive

Thread
Date

[Bug 1715198] Re: PHP ini variable session.entropy_length removed in php7.1

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date: Fri, 27 Oct 2017 20:14:01 -0000
Reply-to: Bug 1715198 <1715198@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This issue has been fixed in the patch
https://reviews.mahara.org/#/c/7863/2

As part of Bug 1670637

** Changed in: mahara
       Status: Confirmed => Fix Committed

** Changed in: mahara
    Milestone: 18.04.0 => 17.10.0

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1715198

Title:
  PHP  ini variable session.entropy_length removed in php7.1

Status in Mahara:
  Fix Committed

Bug description:
  Remove check for low security (i.e. not random enough) session IDs on ini variable session.entropy_length which is removed in php7.1. This check is done in mahara/htdocs/lib/upgrade.php
  +  [ ] // Check for low security (i.e. not random enough) session IDs
  +    if ((int)ini_get('session.entropy_length') < 16) {
  +        $warnings[] = get_string('notenoughsessionentropy', 'error');
  +    }
  +
  Necessary should be a check on php version and to code for this version something to verify that the current setting of session.save_path is correct.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1715198/+subscriptions

References

[Bug 1715198] [NEW] PHP ini variable session.entropy_length removed in php7.1
From: Rob Slagter, 2017-09-05