WordPress.org

Make WordPress Core

Changeset 43045


Ignore:
Timestamp:
04/30/2018 06:52:59 PM (2 years ago)
Author:
iandunn
Message:

Privacy: Use a CSPRNG in export filenames for more security.

rand() is deterministic and therefore offers much less protection in this context. wp_generate_password() is a convenient wrapper around wp_rand(), which uses random_int() to generate cryptographically-secure psuedorandom numbers.

See #43546.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/file.php

    r43012 r43045  
    20432043    $stripped_email       = str_replace( '@', '-at-', $email_address );
    20442044    $stripped_email       = sanitize_title( $stripped_email ); // slugify the email address
    2045     $obscura              = md5( rand() );
     2045    $obscura              = wp_generate_password( 32, false, false );
    20462046    $file_basename        = 'wp-personal-data-file-' . $stripped_email . '-' . $obscura;
    20472047    $html_report_filename = $file_basename . '.html';
Note: See TracChangeset for help on using the changeset viewer.