I would still like to still see an official comment from the plugin team seconding this but it feels like a false positive.
On line 16 of the file referred to in the error it is looking for the function “mcrypt_create_iv()”; but is wrapped in an if statement checking for “random_bytes()” first wether “mcrypt_create_iv()” even existed to begin with.
if (function_exists('random_bytes')) {
$randBytes = random_bytes(16);
} elseif (function_exists('mcrypt_create_iv')) {
srand();
$randBytes = mcrypt_create_iv(16);
} elseif (function_exists('openssl_random_pseudo_bytes')) {
$wasItSecure = false;
$randBytes = openssl_random_pseudo_bytes(16, $wasItSecure);
if ($wasItSecure === false) {
return false;
}
} else {
return false;
}
Tested on PHP 7.2 with the Cloudflare plugin Version: 3.3.2
-
This reply was modified 6 years, 4 months ago by Vincent.
