Safer create_uuid implementation

wrygiel · wrygiel · commit aef3c0454133 · 2015-08-01T10:01:43.000+02:00
Fixes issue #336.
diff --git a/okapi/core.php b/okapi/core.php
@@ -933,6 +933,28 @@ class Okapi
 
     private static $okapi_vars = null;
 
+    /** Return a new, random UUID. */
+    public static function create_uuid()
+    {
+        /* If we're on Linux, then we'll use a system function for that. */
+
+        if (file_exists("/proc/sys/kernel/random/uuid")) {
+            return trim(file_get_contents("/proc/sys/kernel/random/uuid"));
+        }
+
+        /* On other systems (as well as on some other Linux distributions)
+         * fall back to the original implementation (which is NOT safe - we had
+         * one duplicate during 3 years of its running). */
+
+        return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
+            mt_rand(0, 0xffff), mt_rand(0, 0xffff),
+            mt_rand(0, 0xffff),
+            mt_rand(0, 0x0fff) | 0x4000,
+            mt_rand(0, 0x3fff) | 0x8000,
+            mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
+        );
+    }
+
     /** Get a variable stored in okapi_vars. If variable not found, return $default. */
     public static function get_var($varname, $default = null)
     {
diff --git a/okapi/services/logs/submit.php b/okapi/services/logs/submit.php
@@ -619,23 +619,12 @@ private static function increment_user_stats($user_internal_id, $logtype)
         }
     }
 
-    private static function create_uuid()
-    {
-        return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
-            mt_rand(0, 0xffff), mt_rand(0, 0xffff),
-            mt_rand(0, 0xffff),
-            mt_rand(0, 0x0fff) | 0x4000,
-            mt_rand(0, 0x3fff) | 0x8000,
-            mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
-        );
-    }
-
     private static function insert_log_row(
         $consumer_key, $cache_internal_id, $user_internal_id, $logtype, $when,
         $formatted_comment, $text_html
     )
     {
-        $log_uuid = self::create_uuid();
+        $log_uuid = Okapi::create_uuid();
         Db::execute("
             insert into cache_logs (uuid, cache_id, user_id, type, date, text, text_html, last_modified, date_created, node)
             values (

Original file line number	Diff line number	Diff line change
`@@ -619,23 +619,12 @@ private static function increment_user_stats($user_internal_id, $logtype)`
`619`	`619`	`}`
`620`	`620`	`}`
`621`	`621`
`622`		`- private static function create_uuid()`
`623`		`- {`
`624`		`- return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',`
`625`		`- mt_rand(0, 0xffff), mt_rand(0, 0xffff),`
`626`		`- mt_rand(0, 0xffff),`
`627`		`- mt_rand(0, 0x0fff) \| 0x4000,`
`628`		`- mt_rand(0, 0x3fff) \| 0x8000,`
`629`		`- mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)`
`630`		`- );`
`631`		`- }`
`632`		`-`
`633`	`622`	`private static function insert_log_row(`
`634`	`623`	`$consumer_key, $cache_internal_id, $user_internal_id, $logtype, $when,`
`635`	`624`	`$formatted_comment, $text_html`
`636`	`625`	`)`
`637`	`626`	`{`
`638`		`- $log_uuid = self::create_uuid();`
	`627`	`+ $log_uuid = Okapi::create_uuid();`
`639`	`628`	`Db::execute("`
`640`	`629`	`insert into cache_logs (uuid, cache_id, user_id, type, date, text, text_html, last_modified, date_created, node)`
`641`	`630`	`values (`