[php-maint] Bug#572561: php5: crypt() output inconsistency between version 5.2 and 5.3
Fonso
ulfonk_mennhar at gmx.de
Thu Mar 4 21:30:19 UTC 2010
Package: php5
Version: 5.3.1-5
Severity: important
The output of crypt() for certain salts has changed between version 5.2.6-1+lenny6 and 5.3.1-5
The following small test script demonstrates this:
<?php echo crypt("semmel", "1$"); ?>
With php 5.3.1-5 this results in: 1$YZfgMfg2BiI
With php 5.2.6-1+lenny6 this results in: 1$IjqLeTnxFwo
As far as I can see from the documentation at http://de.php.net/manual/en/function.crypt.php "1$" is a valid salt for standard DES.
As a side note, the same output is generated, with the following script which provides an invalid, but different, salt:
<?php echo crypt("semmel", 1); ?>
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages php5 depends on:
ii libapache2-mod-php5 5.3.1-5 server-side, HTML-embedded scripti
ii php5-common 5.3.1-5 Common files for packages built fr
php5 recommends no packages.
php5 suggests no packages.
-- no debconf information
More information about the pkg-php-maint
mailing list