[Svn] r2932 - in trunk/roundcubemail: . program/include program/steps/mail

trac at roundcube.net trac at roundcube.net
Mon Sep 7 14:51:21 CEST 2009


Author: alec
Date: 2009-09-07 07:51:21 -0500 (Mon, 07 Sep 2009)
New Revision: 2932

Modified:
   trunk/roundcubemail/CHANGELOG
   trunk/roundcubemail/program/include/rcmail.php
   trunk/roundcubemail/program/include/session.inc
   trunk/roundcubemail/program/steps/mail/compose.inc
   trunk/roundcubemail/program/steps/mail/func.inc
   trunk/roundcubemail/program/steps/mail/sendmail.inc
Log:
- Use faster/secure mt_rand() (#1486094)


Modified: trunk/roundcubemail/CHANGELOG
===================================================================
--- trunk/roundcubemail/CHANGELOG	2009-09-07 12:40:05 UTC (rev 2931)
+++ trunk/roundcubemail/CHANGELOG	2009-09-07 12:51:21 UTC (rev 2932)
@@ -1,6 +1,7 @@
 CHANGELOG RoundCube Webmail
 ===========================
 
+- Use faster/secure mt_rand() (#1486094)
 - Fix roundcube hangs on empty inbox with bincimapd (#1486093)
 - Fix wrong headers for IE on servers without $_SERVER['HTTPS'] (#1485926)
 - Force IE style headers for attachments in non-HTTPS session, 'use_https' option (#1485655)

Modified: trunk/roundcubemail/program/include/rcmail.php
===================================================================
--- trunk/roundcubemail/program/include/rcmail.php	2009-09-07 12:40:05 UTC (rev 2931)
+++ trunk/roundcubemail/program/include/rcmail.php	2009-09-07 12:51:21 UTC (rev 2932)
@@ -879,7 +879,7 @@
     $key = $this->task;
     
     if (!$_SESSION['request_tokens'][$key])
-      $_SESSION['request_tokens'][$key] = md5(uniqid($key . rand(), true));
+      $_SESSION['request_tokens'][$key] = md5(uniqid($key . mt_rand(), true));
     
     return $_SESSION['request_tokens'][$key];
   }

Modified: trunk/roundcubemail/program/include/session.inc
===================================================================
--- trunk/roundcubemail/program/include/session.inc	2009-09-07 12:40:05 UTC (rev 2931)
+++ trunk/roundcubemail/program/include/session.inc	2009-09-07 12:51:21 UTC (rev 2932)
@@ -245,7 +245,7 @@
   $randval = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 
   for ($random = "", $i=1; $i <= 32; $i++) {
-    $random .= substr($randval, rand(0,(strlen($randval) - 1)), 1);
+    $random .= substr($randval, mt_rand(0,(strlen($randval) - 1)), 1);
   }
 
   // use md5 value for id or remove capitals from string $randval

Modified: trunk/roundcubemail/program/steps/mail/compose.inc
===================================================================
--- trunk/roundcubemail/program/steps/mail/compose.inc	2009-09-07 12:40:05 UTC (rev 2931)
+++ trunk/roundcubemail/program/steps/mail/compose.inc	2009-09-07 12:51:21 UTC (rev 2932)
@@ -37,7 +37,7 @@
 {
   rcmail_compose_cleanup();
   $_SESSION['compose'] = array(
-    'id' => uniqid(rand()),
+    'id' => uniqid(mt_rand()),
     'param' => request2param(RCUBE_INPUT_GET),
     'mailbox' => $IMAP->get_mailbox_name(),
   );

Modified: trunk/roundcubemail/program/steps/mail/func.inc
===================================================================
--- trunk/roundcubemail/program/steps/mail/func.inc	2009-09-07 12:40:05 UTC (rev 2931)
+++ trunk/roundcubemail/program/steps/mail/func.inc	2009-09-07 12:51:21 UTC (rev 2932)
@@ -1425,7 +1425,7 @@
       'From' => $sender,
       'To'   => $message->headers->mdn_to,
       'Subject' => rcube_label('receiptread') . ': ' . $message->subject,
-      'Message-ID' => sprintf('<%s@%s>', md5(uniqid('rcmail'.rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host'])),
+      'Message-ID' => sprintf('<%s@%s>', md5(uniqid('rcmail'.mt_rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host'])),
       'X-Sender' => $identity['email'],
       'Content-Type' => 'multipart/report; report-type=disposition-notification',
     );

Modified: trunk/roundcubemail/program/steps/mail/sendmail.inc
===================================================================
--- trunk/roundcubemail/program/steps/mail/sendmail.inc	2009-09-07 12:40:05 UTC (rev 2931)
+++ trunk/roundcubemail/program/steps/mail/sendmail.inc	2009-09-07 12:51:21 UTC (rev 2932)
@@ -194,7 +194,7 @@
 if (strlen($_POST['_draft_saveid']) > 3)
   $olddraftmessageid = get_input_value('_draft_saveid', RCUBE_INPUT_POST);
 
-$message_id = sprintf('<%s@%s>', md5(uniqid('rcmail'.rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host']));
+$message_id = sprintf('<%s@%s>', md5(uniqid('rcmail'.mt_rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host']));
 
 // set default charset
 $input_charset = $OUTPUT->get_charset();

_______________________________________________
http://lists.roundcube.net/mailman/listinfo/svn



More information about the Svn mailing list