[BUGFIX] Add more entropy to uniqid 28/33328/3
authorTymoteusz Motylewski <t.motylewski@gmail.com>
Fri, 20 Jun 2014 15:13:30 +0000 (17:13 +0200)
committerMarkus Klein <klein.t3@reelworx.at>
Thu, 11 Dec 2014 00:47:01 +0000 (01:47 +0100)
commit5df3d530de1d3c57b3da378175f02a0256ccf1c7
tree7d6b934bdbca5564fb0640c86ff133b9cf98ac17
parent6da6685887adf0386345d8c13ea092e70c3ace1b
[BUGFIX] Add more entropy to uniqid

uniqid() generates values based on current time,
subsequent calls may return the same value on a fast machine.

On Windows it's even worse, as uniqid()
has single-second-resolution out of the box.

Right now it is used in many places in the core,
also for creating temporary identifiers
for newly created records (in the datahandler).

The solution is to add a second parameter to
all calls (which adds more entropy).
see http://php.net/manual/en/function.uniqid.php

To make code consistent, this change adds the
 second parameter to all occurences of uniqid.

Resolves: #59701
Resolves: #58602
Resolves: #59055
Releases: master, 6.2
Change-Id: Id791556d45b4289d75411ff19ae050144fbfe51b
Reviewed-on: http://review.typo3.org/33328
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
35 files changed:
typo3/sysext/backend/Classes/AjaxLoginHandler.php
typo3/sysext/backend/Classes/Controller/BackendController.php
typo3/sysext/backend/Classes/Controller/EditDocumentController.php
typo3/sysext/backend/Classes/Controller/PageLayoutController.php
typo3/sysext/backend/Classes/Form/DataPreprocessor.php
typo3/sysext/backend/Classes/Form/Element/InlineElement.php
typo3/sysext/backend/Classes/Form/FormEngine.php
typo3/sysext/backend/Classes/View/PageLayoutView.php
typo3/sysext/core/Classes/Cache/Backend/FileBackend.php
typo3/sysext/core/Classes/Cache/Backend/RedisBackend.php
typo3/sysext/core/Classes/Cache/Backend/SimpleFileBackend.php
typo3/sysext/core/Classes/Core/Bootstrap.php
typo3/sysext/core/Classes/DataHandling/DataHandler.php
typo3/sysext/core/Classes/Database/DatabaseConnection.php
typo3/sysext/core/Classes/Imaging/GraphicalFunctions.php
typo3/sysext/core/Classes/Package/PackageManager.php
typo3/sysext/core/Classes/Package/UnitTestPackageManager.php
typo3/sysext/core/Classes/Resource/ResourceStorage.php
typo3/sysext/core/Classes/TypoScript/ExtendedTemplateService.php
typo3/sysext/core/Classes/Utility/File/BasicFileUtility.php
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Tests/BaseTestCase.php
typo3/sysext/core/Tests/Functional/DataHandling/Framework/ActionService.php
typo3/sysext/form/Classes/Domain/Model/Element/SelectElement.php [deleted file]
typo3/sysext/frontend/Classes/ContentObject/FlowPlayerContentObject.php
typo3/sysext/frontend/Classes/ContentObject/QuicktimeObjectContentObject.php
typo3/sysext/frontend/Classes/ContentObject/ShockwaveFlashObjectContentObject.php
typo3/sysext/impexp/Classes/ImportExport.php
typo3/sysext/install/Classes/Controller/Action/Tool/TestSetup.php
typo3/sysext/install/Classes/FolderStructure/DirectoryNode.php
typo3/sysext/install/Classes/Service/CoreUpdateService.php
typo3/sysext/rsaauth/Classes/Backend/CommandLineBackend.php
typo3/sysext/sv/Classes/LoginFormHook.php
typo3/sysext/version/Classes/Hook/PreviewHook.php
typo3/sysext/workspaces/Classes/Controller/PreviewController.php