- Use faster/secure mt_rand() (#1486094)

author: alecpl <alec@alec.pl> 2009-09-07 12:51:21 +0000
committer: alecpl <alec@alec.pl> 2009-09-07 12:51:21 +0000
commit: b48d9bf5d412a6f56f3f9ba4bad141ddfe175727 (patch)
tree: 6eb95a2196a370c580832df650e4e5a03a6b571c /program/include
parent: 3d601d267dfb0ffca32ad953f36944b83910d907 (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 4624ee194..b148e5168 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -879,7 +879,7 @@ class rcmail
     $key = $this->task;
     
     if (!$_SESSION['request_tokens'][$key])
-      $_SESSION['request_tokens'][$key] = md5(uniqid($key . rand(), true));
+      $_SESSION['request_tokens'][$key] = md5(uniqid($key . mt_rand(), true));
     
     return $_SESSION['request_tokens'][$key];
   }
diff --git a/program/include/session.inc b/program/include/session.inc
index ee9bb75ab..bd4e2a1ea 100644
--- a/program/include/session.inc
+++ b/program/include/session.inc
@@ -245,7 +245,7 @@ function rcube_sess_regenerate_id()
   $randval = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 
   for ($random = "", $i=1; $i <= 32; $i++) {
-    $random .= substr($randval, rand(0,(strlen($randval) - 1)), 1);
+    $random .= substr($randval, mt_rand(0,(strlen($randval) - 1)), 1);
   }
 
   // use md5 value for id or remove capitals from string $randval
author	alecpl <alec@alec.pl>	2009-09-07 12:51:21 +0000
committer	alecpl <alec@alec.pl>	2009-09-07 12:51:21 +0000
commit	b48d9bf5d412a6f56f3f9ba4bad141ddfe175727 (patch)
tree	6eb95a2196a370c580832df650e4e5a03a6b571c /program/include
parent	3d601d267dfb0ffca32ad953f36944b83910d907 (diff)