Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9985

3D Wave CAPTCHA mt_rand() does not check order of min/max values

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.8
    • Fix Version/s: 3.0.9-RC1
    • Component/s: Other
    • Labels:
      None
    • Environment:
      PHP 5.3.5

      Description

      Topic from phpbb.com: http://www.phpbb.com/community/viewtopic.php?f=46&t=2116575

      In PHP 5.3.4, they changed it so that mt_rand(min, max) throws an error message if the min and max values are not in the right order when calling the function. The 3D Wave CAPTCHA does not check the order, so the image is not successfully generated.

      Error while creating image
      » Error in /includes/captcha/captcha_gd_wave.php on line 65: mt_rand(): max(315) is smaller than min(355)
      Error while creating image
      » Error in /includes/captcha/captcha_gd_wave.php on line 66: mt_rand(): max(81) is smaller than min(96)

        Issue Links

          Activity

          Hide
          A_Jelly_Doughnut A_Jelly_Doughnut added a comment -

          PHP pushed this fix in 5.3.4, FWIW.
          http://bugs.php.net/46587
          Seems like an odd bug to bother fixing. (patch) http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/rand.c?r1=293036&r2=305692

          Show
          A_Jelly_Doughnut A_Jelly_Doughnut added a comment - PHP pushed this fix in 5.3.4, FWIW. http://bugs.php.net/46587 Seems like an odd bug to bother fixing. (patch) http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/rand.c?r1=293036&r2=305692
          Hide
          bantu Andreas Fischer added a comment - - edited

          This isn't about "checking" since you cannot configure the values passed to mt_rand(). This is just about using the correct argument order, which we should of course do.

          Show
          bantu Andreas Fischer added a comment - - edited This isn't about "checking" since you cannot configure the values passed to mt_rand(). This is just about using the correct argument order, which we should of course do.

            People

            • Assignee:
              nickvergessen Joas Schilling
              Reporter:
              Noxwizard Patrick Webster
            • Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development