Fixed bug #10131: Use TYPO3 encryption key in initial state of random byte generation...
authorMichael Stucki <michael.stucki@typo3.org>
Fri, 27 Feb 2009 15:45:26 +0000 (15:45 +0000)
committerMichael Stucki <michael.stucki@typo3.org>
Fri, 27 Feb 2009 15:45:26 +0000 (15:45 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@5094 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_div.php

index 568e0b2..7b16e9f 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 2009-02-27  Michael Stucki  <michael@typo3.org>
 
+       * Fixed bug #10131: Use TYPO3 encryption key in initial state of random byte generation (ported from TYPO3_4-2, thanks to Marcus Krause)
        * Follow-up to #10083: Constant styles.content.imgtext.separateRows has a wrong default value. This was changed accidentally during a bugfix on 2009-01-09. Reverting back to the old bahaviour. Thanks to Adrian Fischer for pointing this out!
 
 2009-02-27  Ingo Renner  <ingo@typo3.org>
index c41c82e..65eff56 100755 (executable)
@@ -1539,10 +1539,12 @@ final class t3lib_div {
 
                        // fallback if /dev/urandom is not available
                if (!isset($output{$count - 1})) {
-                       $randomState = getmypid();
+                               // We initialize with the somewhat random.
+                       $randomState = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']
+                                                       . microtime() . getmypid();
                        while (!isset($output{$count - 1})) {
-                               $randomState = sha1(microtime() . mt_rand() . $randomState);
-                               $output .= sha1(mt_rand() . $randomState, true);
+                               $randomState = md5(microtime() . mt_rand() . $randomState);
+                               $output .= md5(mt_rand() . $randomState, true);
                        }
                        $output = substr($output, strlen($output) - $count, $count);
                }