alecpl
2009-09-07 b48d9bf5d412a6f56f3f9ba4bad141ddfe175727
- Use faster/secure mt_rand() (#1486094)


6 files modified
11 ■■■■ changed files
CHANGELOG 1 ●●●● patch | view | raw | blame | history
program/include/rcmail.php 2 ●●● patch | view | raw | blame | history
program/include/session.inc 2 ●●● patch | view | raw | blame | history
program/steps/mail/compose.inc 2 ●●● patch | view | raw | blame | history
program/steps/mail/func.inc 2 ●●● patch | view | raw | blame | history
program/steps/mail/sendmail.inc 2 ●●● patch | view | raw | blame | history
CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG RoundCube Webmail
===========================
- Use faster/secure mt_rand() (#1486094)
- Fix roundcube hangs on empty inbox with bincimapd (#1486093)
- Fix wrong headers for IE on servers without $_SERVER['HTTPS'] (#1485926)
- Force IE style headers for attachments in non-HTTPS session, 'use_https' option (#1485655)
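--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -879,7 +879,7 @@
     $key = $this->task;
     
     if (!$_SESSION['request_tokens'][$key])
-      $_SESSION['request_tokens'][$key] = md5(uniqid($key . rand(), true));
+      $_SESSION['request_tokens'][$key] = md5(uniqid($key . mt_rand(), true));
     
     return $_SESSION['request_tokens'][$key];
   }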
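Review bot: The request token on the changed line is still built from `mt_rand()` and `uniqid()`, neither of which is a cryptographically secure source, so the "secure" in the commit title does not hold for what appears to be an anti-forgery token. mt_rand() is a Mersenne Twister with predictable output, uniqid() is derived from the clock, and md5() over the two adds no entropy. Draw the token from the platform CSPRNG instead, e.g. `$_SESSION['request_tokens'][$key] = bin2hex(random_bytes(16));` on PHP 7+, or `openssl_random_pseudo_bytes(16)` on older runtimes with the OpenSSL extension. The same defect is in the session-id loop in program/include/session.inc, where the index could come from `random_int(0, strlen($randval) - 1)`. The enclosing method starts outside this hunk.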
program/include/session.inc
@@ -245,7 +245,7 @@
  $randval = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
  for ($random = "", $i=1; $i <= 32; $i++) {
    $random .= substr($randval, rand(0,(strlen($randval) - 1)), 1);
    $random .= substr($randval, mt_rand(0,(strlen($randval) - 1)), 1);
  }
  // use md5 value for id or remove capitals from string $randval
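--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -37,7 +37,7 @@
 {
   rcmail_compose_cleanup();
   $_SESSION['compose'] = array(
-    'id' => uniqid(rand()),
+    'id' => uniqid(mt_rand()),
     'param' => request2param(RCUBE_INPUT_GET),
     'mailbox' => $IMAP->get_mailbox_name(),
   );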
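Review bot: `uniqid(mt_rand())` on the 'id' line yields a time-derived value with a non-cryptographic prefix, which is acceptable only if the compose id is a handle inside the user's own session and no access decision depends on it being unguessable. That is not visible from this hunk, so a comment recording the assumption would help, e.g. `// compose id: handle within this session only, not a secret`. The enclosing block starts before the hunk and continues after it.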
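--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1425,7 +1425,7 @@
       'From' => $sender,
       'To'   => $message->headers->mdn_to,
       'Subject' => rcube_label('receiptread') . ': ' . $message->subject,
-      'Message-ID' => sprintf('<%s@%s>', md5(uniqid('rcmail'.rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host'])),
+      'Message-ID' => sprintf('<%s@%s>', md5(uniqid('rcmail'.mt_rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host'])),
       'X-Sender' => $identity['email'],
       'Content-Type' => 'multipart/report; report-type=disposition-notification',
     );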
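Review bot: The Message-ID expression on the changed line is repeated verbatim in program/steps/mail/sendmail.inc, so this commit had to make the same edit in two places; a single shared helper returning the `<id@domain>` string would keep the two call sites in step. A Message-ID needs to be unique rather than unpredictable, so replacing rand() with mt_rand() changes little here. A short comment such as `// Message-ID must be unique, not secret` would stop this line being read as a security control. The array literal starts outside the hunk.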
program/steps/mail/sendmail.inc
@@ -194,7 +194,7 @@
if (strlen($_POST['_draft_saveid']) > 3)
  $olddraftmessageid = get_input_value('_draft_saveid', RCUBE_INPUT_POST);
$message_id = sprintf('<%s@%s>', md5(uniqid('rcmail'.rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host']));
$message_id = sprintf('<%s@%s>', md5(uniqid('rcmail'.mt_rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host']));
// set default charset
$input_charset = $OUTPUT->get_charset();