PHP8.1 E_DEPRECATED in PasswordHash::gensalt_blowfish

[hanshenrik]

since PHP8.1, PasswordHash::gensalt_blowfish risk getting E_DEPRECATED errors like

Deprecated: Implicit conversion from float 48.8 to int loses precision

in

$output .= chr((ord('0') + $this->iteration_count_log2 / 10));

the fix is simple, change it from implicit conversion to explicit conversion:

$output .= chr((int)((ord('0') + $this->iteration_count_log2 / 10)));

trac: https://core.trac.wordpress.org/ticket/56340

fix PHP>=8.1 E_DEPRECATED: Deprecated: Implicit conversion from float 48.8 to int loses precision

Trac ticket: https://core.trac.wordpress.org/ticket/56340

[hanshenrik]

updated diff

[jrf]

Fix looks good, but it would be good to have a test to safeguard this fix.

[desrosj]

The class being updated in the patches is ​technically an external library, though WordPress has made some changes to it over time (see the description of #51549).

I believe that the original intent of PHPass was to properly support password hashing on PHP < 5.5, which no longer applies to WordPress. But moving off of PHPass is a much larger discussion currently being had in #50027 and #21022.

This one off adjustment should be fine to make in the meantime, provided a few tests are added.

[audrasjb]

With WP 6.1 RC 1 scheduled tomorrow (Oct 10, 2022), there is not much time left to address this ticket. Given it still needs unit tests, let's move this ticket to 6.2.

Ps: if you were about to send a patch and if you feel it is realistic to commit it in the next few hours, please feel free to move this ticket back to milestone 6.1.