From b48d9bf5d412a6f56f3f9ba4bad141ddfe175727 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Mon, 7 Sep 2009 12:51:21 +0000
Subject: - Use faster/secure mt_rand() (#1486094)

---
 program/include/rcmail.php  | 2 +-
 program/include/session.inc | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'program/include')

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 4624ee194..b148e5168 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -879,7 +879,7 @@ class rcmail
     $key = $this->task;
     
     if (!$_SESSION['request_tokens'][$key])
-      $_SESSION['request_tokens'][$key] = md5(uniqid($key . rand(), true));
+      $_SESSION['request_tokens'][$key] = md5(uniqid($key . mt_rand(), true));
     
     return $_SESSION['request_tokens'][$key];
   }
diff --git a/program/include/session.inc b/program/include/session.inc
index ee9bb75ab..bd4e2a1ea 100644
--- a/program/include/session.inc
+++ b/program/include/session.inc
@@ -245,7 +245,7 @@ function rcube_sess_regenerate_id()
   $randval = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 
   for ($random = "", $i=1; $i <= 32; $i++) {
-    $random .= substr($randval, rand(0,(strlen($randval) - 1)), 1);
+    $random .= substr($randval, mt_rand(0,(strlen($randval) - 1)), 1);
   }
 
   // use md5 value for id or remove capitals from string $randval
-- 
cgit v1.2.3