From 02597413e7d9f1bcfe7d994541cf604bd2cb6143 Mon Sep 17 00:00:00 2001
From: chinpei215
Date: Wed, 25 May 2016 20:40:26 +0900
Subject: [PATCH] Use more secure boundary
---
 src/Mailer/Email.php | 3 ++-
 src/Network/Http/FormData.php | 3 ++-
 tests/TestCase/Mailer/EmailTest.php | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/Mailer/Email.php b/src/Mailer/Email.php
index 209dd85539c..ec019b0c3c4 100644
--- a/src/Mailer/Email.php
+++ b/src/Mailer/Email.php
@@ -22,6 +22,7 @@
 use Cake\Log\Log;
 use Cake\Network\Http\FormData\Part;
 use Cake\Utility\Hash;
+use Cake\Utility\Security;
 use Cake\Utility\Text;
 use Cake\View\ViewVarsTrait;
 use Closure;
@@ -1610,7 +1611,7 @@ protected function _wrap($message, $wrapLength = Email::LINE_LENGTH_MUST)
 protected function _createBoundary()
 {
 if (!empty($this->_attachments) || $this->_emailFormat === 'both') {
- $this->_boundary = md5(uniqid(time()));
+ $this->_boundary = md5(Security::randomBytes(16));
 }
 }
diff --git a/src/Network/Http/FormData.php b/src/Network/Http/FormData.php
index 73f40a21173..c92d0663afa 100644
--- a/src/Network/Http/FormData.php
+++ b/src/Network/Http/FormData.php
@@ -14,6 +14,7 @@
 namespace Cake\Network\Http;
 use Cake\Network\Http\FormData\Part;
+use Cake\Utility\Security;
 use Countable;
 use finfo;
@@ -66,7 +67,7 @@ public function boundary()
 if ($this->_boundary) {
 return $this->_boundary;
 }
- $this->_boundary = md5(uniqid(time()));
+ $this->_boundary = md5(Security::randomBytes(16));
 return $this->_boundary;
 }
diff --git a/tests/TestCase/Mailer/EmailTest.php b/tests/TestCase/Mailer/EmailTest.php
index 525825d60e3..37e3bdf9503 100644
--- a/tests/TestCase/Mailer/EmailTest.php
+++ b/tests/TestCase/Mailer/EmailTest.php
@@ -2071,7 +2071,7 @@ public function testRenderWithLayoutAndAttachment()
 $this->assertNotEmpty($result);
 $result = $this->CakeEmail->getBoundary();
- $this->assertNotEmpty($result);
+ $this->assertRegExp('/^[0-9a-f]{32}$/', $result);
 }
 /**
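Review bot: In `Email::_createBoundary()` the `md5()` call now only converts 16 random bytes into 32 hex characters, so the hash adds nothing and leaves an MD5 call that crypto audits will keep flagging; `$this->_boundary = bin2hex(Security::randomBytes(16));` produces the same format directly. The identical line is added in `FormData::boundary()` in src/Network/Http/FormData.php and would take the same change. A short comment such as `// Boundary must be unpredictable so part content cannot contain a matching delimiter.` would record why a CSPRNG is used here. `Security::randomBytes()` is defined outside this patch, so it is worth confirming that it cannot silently fall back to a non-cryptographic source on hosts without a secure generator.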
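Review bot: The new assertion in `testRenderWithLayoutAndAttachment()` checks only the boundary's shape, and `'/^[0-9a-f]{32}$/'` is also matched by the old `md5(uniqid(time()))` value, so the test would still pass if the random source were reverted. A format check cannot prove unpredictability, but it would help to also assert that two independently rendered messages get different boundaries, for example with `assertNotSame()` on the two `getBoundary()` results. `FormData::boundary()` receives the same change and has no test in this patch. The test method begins before the hunk.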