[BUGFIX] Add more entropy to uniqid 48/30948/12
authorTymoteusz Motylewski <t.motylewski@gmail.com>
Fri, 20 Jun 2014 15:13:30 +0000 (17:13 +0200)
committerMarkus Klein <klein.t3@reelworx.at>
Wed, 15 Oct 2014 21:17:56 +0000 (23:17 +0200)
commitfa817a7e4c36c2d4dd5858582462ce426fe9bc29
treef70b29f7d8f810ca5b400acf9b4664211c40f5c6
parent53ba08016e8bcdad33aaffe831fab71cef972f5a
[BUGFIX] Add more entropy to uniqid

uniqid() generates values based on current time,
subsequent calls may return the same value on a fast machine.

On Windows it's even worse, as uniqid()
has single-second-resolution out of the box.

Right now it is used in many places in the core,
also for creating temporary identifiers
for newly created records (in the datahandler).

The solution is to add a second parameter to
all calls (which adds more entropy).
see http://php.net/manual/en/function.uniqid.php

To make code consistent, this change adds the
 second parameter to all occurences of uniqid.

Resolves: #59701
Resolves: #58602
Resolves: #59055
Releases: master, 6.2
Change-Id: Id791556d45b4289d75411ff19ae050144fbfe51b
Reviewed-on: http://review.typo3.org/30948
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Stefan Froemken <froemken@gmail.com>
Tested-by: Stefan Froemken <froemken@gmail.com>
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
38 files changed:
typo3/sysext/backend/Classes/AjaxLoginHandler.php
typo3/sysext/backend/Classes/Controller/BackendController.php
typo3/sysext/backend/Classes/Controller/EditDocumentController.php
typo3/sysext/backend/Classes/Controller/PageLayoutController.php
typo3/sysext/backend/Classes/Form/DataPreprocessor.php
typo3/sysext/backend/Classes/Form/Element/FlexElement.php
typo3/sysext/backend/Classes/Form/Element/InlineElement.php
typo3/sysext/backend/Classes/Form/Element/InputElement.php
typo3/sysext/backend/Classes/Form/Element/SelectElement.php
typo3/sysext/backend/Classes/Form/Element/TextElement.php
typo3/sysext/backend/Classes/Form/FormEngine.php
typo3/sysext/backend/Classes/View/PageLayoutView.php
typo3/sysext/core/Classes/Cache/Backend/FileBackend.php
typo3/sysext/core/Classes/Cache/Backend/RedisBackend.php
typo3/sysext/core/Classes/Cache/Backend/SimpleFileBackend.php
typo3/sysext/core/Classes/Core/Bootstrap.php
typo3/sysext/core/Classes/DataHandling/DataHandler.php
typo3/sysext/core/Classes/Database/DatabaseConnection.php
typo3/sysext/core/Classes/Imaging/GraphicalFunctions.php
typo3/sysext/core/Classes/Package/PackageManager.php
typo3/sysext/core/Classes/Package/UnitTestPackageManager.php
typo3/sysext/core/Classes/Resource/ResourceStorage.php
typo3/sysext/core/Classes/TypoScript/ExtendedTemplateService.php
typo3/sysext/core/Classes/Utility/File/BasicFileUtility.php
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Tests/BaseTestCase.php
typo3/sysext/core/Tests/Functional/DataHandling/Framework/ActionService.php
typo3/sysext/frontend/Classes/ContentObject/FlowPlayerContentObject.php
typo3/sysext/frontend/Classes/ContentObject/QuicktimeObjectContentObject.php
typo3/sysext/frontend/Classes/ContentObject/ShockwaveFlashObjectContentObject.php
typo3/sysext/impexp/Classes/ImportExport.php
typo3/sysext/install/Classes/Controller/Action/Tool/TestSetup.php
typo3/sysext/install/Classes/FolderStructure/DirectoryNode.php
typo3/sysext/install/Classes/Service/CoreUpdateService.php
typo3/sysext/rsaauth/Classes/Backend/CommandLineBackend.php
typo3/sysext/sv/Classes/LoginFormHook.php
typo3/sysext/version/Classes/Hook/PreviewHook.php
typo3/sysext/workspaces/Classes/Controller/PreviewController.php