'[SM-CVS] SF.net SVN: squirrelmail:[13805] trunk/squirrelmail'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squirrelmail-cvs
Subject:    [SM-CVS] SF.net SVN: squirrelmail:[13805] trunk/squirrelmail
From:       pdontthink () users ! sourceforge ! net
Date:       2009-07-31 5:23:04
Message-ID: E1MWka8-0004sS-CP () bj8yhf1 ! ch3 ! sourceforge ! com
[Download RAW message or body]

Revision: 13805
          http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13805&view=rev
Author:   pdontthink
Date:     2009-07-31 05:23:04 +0000 (Fri, 31 Jul 2009)

Log Message:
-----------
Remove personal data from Message ID seed. (#880029/847107)

Modified Paths:
--------------
    trunk/squirrelmail/class/deliver/Deliver.class.php
    trunk/squirrelmail/doc/ChangeLog

Modified: trunk/squirrelmail/class/deliver/Deliver.class.php
===================================================================
--- trunk/squirrelmail/class/deliver/Deliver.class.php	2009-07-31 05:22:35 UTC (rev \
                13804)
+++ trunk/squirrelmail/class/deliver/Deliver.class.php	2009-07-31 05:23:04 UTC (rev \
13805) @@ -590,15 +590,9 @@
         /* Create a message-id */
         $message_id = 'MESSAGE ID GENERATION ERROR! PLEASE CONTACT SQUIRRELMAIL \
DEVELOPERS';  if (empty($rfc822_header->message_id)) {
-            $message_id = '<';
-            /* user-specifc data to decrease collision chance */
-            $seed_data = $username . '.';
-            $seed_data .= (!empty($REMOTE_PORT) ? $REMOTE_PORT . '.' : '');
-            $seed_data .= (!empty($REMOTE_ADDR) ? $REMOTE_ADDR . '.' : '');
-            /* add the current time in milliseconds and randomness */
-            $seed_data .= uniqid(mt_rand(),true);
-            /* put it through one-way hash and add it to the ID */
-            $message_id .= md5($seed_data) . '.squirrel@' . $SERVER_NAME .'>';
+            $message_id = '<'
+                        . md5(GenerateRandomString(16, '', 7) . \
uniqid(mt_rand(),true)) +                        . '.squirrel@' . $SERVER_NAME .'>';
         }
 
         /* Make an RFC822 Received: line */

Modified: trunk/squirrelmail/doc/ChangeLog
===================================================================
--- trunk/squirrelmail/doc/ChangeLog	2009-07-31 05:22:35 UTC (rev 13804)
+++ trunk/squirrelmail/doc/ChangeLog	2009-07-31 05:23:04 UTC (rev 13805)
@@ -321,6 +321,7 @@
   - Removed the shut down DSBL blocklists (#2796734).
   - Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess \
                (#2798839).
   - Stop using deprecated ereg functions. (#2820952)
+  - Remove personal data from Message ID seed. (#880029/847107)
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------


This was sent by the SourceForge.net collaborative development platform, the world's \
largest Open Source development site.

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
-----
squirrelmail-cvs mailing list
List address: squirrelmail-cvs@lists.sourceforge.net
List info (subscribe/unsubscribe/change options): \
                https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
Repository: http://squirrelmail.org/svn


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic