summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoralecpl <alec@alec.pl>2009-09-07 12:51:21 +0000
committeralecpl <alec@alec.pl>2009-09-07 12:51:21 +0000
commitb48d9bf5d412a6f56f3f9ba4bad141ddfe175727 (patch)
tree6eb95a2196a370c580832df650e4e5a03a6b571c
parent3d601d267dfb0ffca32ad953f36944b83910d907 (diff)
- Use faster/secure mt_rand() (#1486094)
-rw-r--r--CHANGELOG1
-rw-r--r--program/include/rcmail.php2
-rw-r--r--program/include/session.inc2
-rw-r--r--program/steps/mail/compose.inc2
-rw-r--r--program/steps/mail/func.inc2
-rw-r--r--program/steps/mail/sendmail.inc2
6 files changed, 6 insertions, 5 deletions
diff --git a/CHANGELOG b/CHANGELOG
index aff6dadd8..9dd9197d8 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG RoundCube Webmail
===========================
+- Use faster/secure mt_rand() (#1486094)
- Fix roundcube hangs on empty inbox with bincimapd (#1486093)
- Fix wrong headers for IE on servers without $_SERVER['HTTPS'] (#1485926)
- Force IE style headers for attachments in non-HTTPS session, 'use_https' option (#1485655)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 4624ee194..b148e5168 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -879,7 +879,7 @@ class rcmail
$key = $this->task;
if (!$_SESSION['request_tokens'][$key])
- $_SESSION['request_tokens'][$key] = md5(uniqid($key . rand(), true));
+ $_SESSION['request_tokens'][$key] = md5(uniqid($key . mt_rand(), true));
return $_SESSION['request_tokens'][$key];
}
diff --git a/program/include/session.inc b/program/include/session.inc
index ee9bb75ab..bd4e2a1ea 100644
--- a/program/include/session.inc
+++ b/program/include/session.inc
@@ -245,7 +245,7 @@ function rcube_sess_regenerate_id()
$randval = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for ($random = "", $i=1; $i <= 32; $i++) {
- $random .= substr($randval, rand(0,(strlen($randval) - 1)), 1);
+ $random .= substr($randval, mt_rand(0,(strlen($randval) - 1)), 1);
}
// use md5 value for id or remove capitals from string $randval
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 5d1fe2122..8b821c8ea 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -37,7 +37,7 @@ if (!is_array($_SESSION['compose']) || $_SESSION['compose']['id'] != get_input_v
{
rcmail_compose_cleanup();
$_SESSION['compose'] = array(
- 'id' => uniqid(rand()),
+ 'id' => uniqid(mt_rand()),
'param' => request2param(RCUBE_INPUT_GET),
'mailbox' => $IMAP->get_mailbox_name(),
);
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index f6e4a9d63..ed36e84a8 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1425,7 +1425,7 @@ function rcmail_send_mdn($uid, &$smtp_error)
'From' => $sender,
'To' => $message->headers->mdn_to,
'Subject' => rcube_label('receiptread') . ': ' . $message->subject,
- 'Message-ID' => sprintf('<%s@%s>', md5(uniqid('rcmail'.rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host'])),
+ 'Message-ID' => sprintf('<%s@%s>', md5(uniqid('rcmail'.mt_rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host'])),
'X-Sender' => $identity['email'],
'Content-Type' => 'multipart/report; report-type=disposition-notification',
);
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index c5a2ea7c3..b655ff8a7 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -194,7 +194,7 @@ function rcmail_email_input_format($mailto)
if (strlen($_POST['_draft_saveid']) > 3)
$olddraftmessageid = get_input_value('_draft_saveid', RCUBE_INPUT_POST);
-$message_id = sprintf('<%s@%s>', md5(uniqid('rcmail'.rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host']));
+$message_id = sprintf('<%s@%s>', md5(uniqid('rcmail'.mt_rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host']));
// set default charset
$input_charset = $OUTPUT->get_charset();