Commit 7c38675
Fail closed when CSPRNG is unavailable during nonce generation
Replace the weak nonce fallback in create_login_nonce() with a
hard failure. The fallback used wp_hash() with predictable inputs
(user_id, wp_rand, microtime) and was defensive code from the
PHP 5.x era. On PHP 7+ (the plugin minimum is 7.2), random_bytes()
uses OS-level CSPRNG sources that do not fail under normal conditions.
If the CSPRNG is broken, generating a weak nonce is worse than
refusing to proceed. Both callers already handle the false return
with wp_die().
Closes #860
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>1 parent 3060a4d commit 7c38675
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1208 | 1208 | | |
1209 | 1209 | | |
1210 | 1210 | | |
1211 | | - | |
| 1211 | + | |
1212 | 1212 | | |
1213 | 1213 | | |
1214 | 1214 | | |
| |||
0 commit comments