WordPress.org

Make WordPress Core

Changeset 43094


Ignore:
Timestamp:
05/02/2018 02:18:48 AM (2 years ago)
Author:
SergeyBiryukov
Message:

Privacy: Use a CSPRNG in export filenames for more security.

rand() is deterministic and therefore offers much less protection in this context. wp_generate_password() is a convenient wrapper around wp_rand(), which uses random_int() to generate cryptographically-secure psuedorandom numbers.

Props iandunn.
Merges [43045] to the 4.9 branch.
See #43546.

Location:
branches/4.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-admin/includes/file.php

    r43092 r43094  
    19061906    $stripped_email       = str_replace( '@', '-at-', $email_address );
    19071907    $stripped_email       = sanitize_title( $stripped_email ); // slugify the email address
    1908     $obscura              = md5( rand() );
     1908    $obscura              = wp_generate_password( 32, false, false );
    19091909    $file_basename        = 'wp-personal-data-file-' . $stripped_email . '-' . $obscura;
    19101910    $html_report_filename = $file_basename . '.html';
Note: See TracChangeset for help on using the changeset viewer.