From b48d9bf5d412a6f56f3f9ba4bad141ddfe175727 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Mon, 07 Sep 2009 08:51:21 -0400
Subject: [PATCH] - Use faster/secure mt_rand() (#1486094)
---
program/include/session.inc | 11 ++++++++---
1 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/program/include/session.inc b/program/include/session.inc
index a73ee5c..bd4e2a1 100644
--- a/program/include/session.inc
+++ b/program/include/session.inc
@@ -65,8 +65,13 @@
 $now = $DB->fromunixtime(time());
- if ($oldvars = rcube_sess_read($key)) {
- $a_oldvars = rcube_sess_unserialize($oldvars);
+ $sql_result = $DB->query(
+ "SELECT vars FROM " . get_table_name('session') . "
+ WHERE sess_id=?", $key);
+
+ if ($sql_arr = $DB->fetch_assoc($sql_result)) {
+
+ $a_oldvars = rcube_sess_unserialize($sql_arr['vars']);
 foreach ((array)$GLOBALS['rcube_session_unsets'] as $k) unset($a_oldvars[$k]);
@@ -240,7 +245,7 @@
 $randval = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 for ($random = "", $i=1; $i <= 32; $i++) {
- $random .= substr($randval, rand(0,(strlen($randval) - 1)), 1);
+ $random .= substr($randval, mt_rand(0,(strlen($randval) - 1)), 1);
 } // use md5 value for id or remove capitals from string $randval
--
Gitblit v1.9.1
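Review bot: The added `if ($sql_arr = $DB->fetch_assoc($sql_result))` cannot tell a failed SELECT from a session row that does not exist, so a transient database error would fall through to the non-matching branch, which lies outside this hunk. Checking the query outcome first, for example `if ($DB->is_error()) return false;` directly after the `$DB->query(...)` call (assuming the wrapper's `is_error()` reflects the last query), keeps a read failure from being handled as a brand-new session. The hunk also replaces `rcube_sess_read($key)` with an inline query without saying why, and the commit subject only mentions mt_rand(); a one-line comment giving the reason for bypassing the helper would stop a later cleanup from reverting it.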
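Review bot: `mt_rand()` in the changed `$random .= substr(...)` line is not a cryptographically secure generator, so the session id built in this loop stays predictable in principle even though the subject calls the change secure. Session identifiers should come from an OS-backed CSPRNG: on PHP 7 or later `$random .= substr($randval, random_int(0, strlen($randval) - 1), 1);`, and on older runtimes a source such as `openssl_random_pseudo_bytes()`. The md5 step mentioned in the trailing comment cannot add entropy that the generator did not supply. The enclosing function starts and ends outside the hunk.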