From b48d9bf5d412a6f56f3f9ba4bad141ddfe175727 Mon Sep 17 00:00:00 2001
From: alecpl
Date: Mon, 7 Sep 2009 12:51:21 +0000
Subject: - Use faster/secure mt_rand() (#1486094)
---
 CHANGELOG | 1 +
 program/include/rcmail.php | 2 +-
 program/include/session.inc | 2 +-
 program/steps/mail/compose.inc | 2 +-
 program/steps/mail/func.inc | 2 +-
 program/steps/mail/sendmail.inc | 2 +-
 6 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index aff6dadd8..9dd9197d8 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG RoundCube Webmail
 ===========================
+- Use faster/secure mt_rand() (#1486094)
 - Fix roundcube hangs on empty inbox with bincimapd (#1486093)
 - Fix wrong headers for IE on servers without $_SERVER['HTTPS'] (#1485926)
 - Force IE style headers for attachments in non-HTTPS session, 'use_https' option (#1485655)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 4624ee194..b148e5168 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -879,7 +879,7 @@ class rcmail
 $key = $this->task;
 if (!$_SESSION['request_tokens'][$key])
- $_SESSION['request_tokens'][$key] = md5(uniqid($key . rand(), true));
+ $_SESSION['request_tokens'][$key] = md5(uniqid($key . mt_rand(), true));
 return $_SESSION['request_tokens'][$key];
 }
diff --git a/program/include/session.inc b/program/include/session.inc
index ee9bb75ab..bd4e2a1ea 100644
--- a/program/include/session.inc
+++ b/program/include/session.inc
@@ -245,7 +245,7 @@ function rcube_sess_regenerate_id()
 $randval = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 for ($random = "", $i=1; $i <= 32; $i++) {
- $random .= substr($randval, rand(0,(strlen($randval) - 1)), 1);
+ $random .= substr($randval, mt_rand(0,(strlen($randval) - 1)), 1);
 }
 // use md5 value for id or remove capitals from string $randval
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 5d1fe2122..8b821c8ea 100644
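Review bot: mt_rand() is a Mersenne Twister generator, not a cryptographically secure one, so the request token in rcmail.php (`md5(uniqid($key . mt_rand(), true))`) and the 32-character id assembled in rcube_sess_regenerate_id() in session.inc are still derived from guessable inputs (PRNG state plus the clock value uniqid() uses); wrapping the result in md5() adds no entropy. Both values appear to act as secrets, so they should come from the operating system's CSPRNG instead, for example `bin2hex(openssl_random_pseudo_bytes(16))` where the OpenSSL extension is available, or `bin2hex(random_bytes(16))` on PHP 7 and later. The "faster/secure" wording in the subject and CHANGELOG entry overstates what the swap achieves for these two call sites. Both function bodies start and continue outside the hunks, so how the values are consumed afterwards is not visible here.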
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -37,7 +37,7 @@ if (!is_array($_SESSION['compose']) || $_SESSION['compose']['id'] != get_input_v
 {
 rcmail_compose_cleanup();
 $_SESSION['compose'] = array(
- 'id' => uniqid(rand()),
+ 'id' => uniqid(mt_rand()),
 'param' => request2param(RCUBE_INPUT_GET),
 'mailbox' => $IMAP->get_mailbox_name(),
 );
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index f6e4a9d63..ed36e84a8 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1425,7 +1425,7 @@ function rcmail_send_mdn($uid, &$smtp_error)
 'From' => $sender,
 'To' => $message->headers->mdn_to,
 'Subject' => rcube_label('receiptread') . ': ' . $message->subject,
- 'Message-ID' => sprintf('<%s@%s>', md5(uniqid('rcmail'.rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host'])),
+ 'Message-ID' => sprintf('<%s@%s>', md5(uniqid('rcmail'.mt_rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host'])),
 'X-Sender' => $identity['email'],
 'Content-Type' => 'multipart/report; report-type=disposition-notification',
 );
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index c5a2ea7c3..b655ff8a7 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -194,7 +194,7 @@ function rcmail_email_input_format($mailto)
 if (strlen($_POST['_draft_saveid']) > 3)
 $olddraftmessageid = get_input_value('_draft_saveid', RCUBE_INPUT_POST);
-$message_id = sprintf('<%s@%s>', md5(uniqid('rcmail'.rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host']));
+$message_id = sprintf('<%s@%s>', md5(uniqid('rcmail'.mt_rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host']));
 // set default charset
 $input_charset = $OUTPUT->get_charset();
-- cgit v1.2.3
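Review bot: The Message-ID expression `sprintf('<%s@%s>', md5(uniqid('rcmail'.mt_rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host']))` is repeated verbatim in rcmail_send_mdn() in func.inc and again in sendmail.inc, which is why this commit had to edit both places; moving it into one shared helper would keep the two in step on the next change. A Message-ID only has to be unique, not unpredictable, so mt_rand() is adequate there, and a short comment such as `// uniqueness only, not a secret` would stop readers from treating it as a security token. The same probably holds for the compose `id` in compose.inc, provided it is only matched inside the user's own session, which cannot be confirmed from the hunk. The enclosing code extends beyond all three hunks.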