Dev: Don't include special chars in random session name (can create s…

…yntax error)
LimeSurvey · Nov 14, 2019 · b1bc306 · b1bc306
1 parent 289d589
commit b1bc306
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/application/controllers/InstallerController.php b/application/controllers/InstallerController.php
@@ -1054,7 +1054,7 @@ private function _writeConfigFile()
             ."\t\t".""."\n"
 
             ."\t\t"." 'session' => array ("."\n"
-            ."\t\t\t"."'sessionName'=>'LS-".$this->_getRandomString(5)."'"."\n"
+            ."\t\t\t"."'sessionName'=>'LS-".$this->_getRandomString(16)."'"."\n"
             ."\t\t\t"."// Uncomment the following lines if you need table-based sessions."."\n"
             ."\t\t\t"."// Note: Table-based sessions are currently not supported on MSSQL server."."\n"
             ."\t\t\t"."// 'class' => 'application.core.web.DbHttpSession',"."\n"
@@ -1122,7 +1122,9 @@ private function _getRandomString($iTotalChar=64)
     {
         $sResult = '';
         for ($i = 0; $i < $iTotalChar; $i++) {
-            $sResult .= chr(rand(33, 126));
+            // Range 65-90 means A-Z, uppercase. Lowercase is betweeen 97-122.
+            // @see http://www.asciitable.com/
+            $sResult .= chr(rand(65, 90));
         }
         return $sResult;
     }