diff --git a/api/src/Etemplate/Request.php b/api/src/Etemplate/Request.php index 8205376bce..3d0e5a74d9 100644 --- a/api/src/Etemplate/Request.php +++ b/api/src/Etemplate/Request.php @@ -350,6 +350,24 @@ class Request return isset($this->data['to_process'][$form_name]); } + /** + * creates a new unique request-id + * + * @return string + */ + static function request_id() + { + // As we replace spaces with + for those account ids which contain spaces, therefore we need to do the same for getting request id too. + $userID = str_replace(' ', '+', rawurldecode($GLOBALS['egw_info']['user']['account_lid'])); + + // generate random token (using oppenssl if available otherwise mt_rand based Auth::randomstring) + $token = function_exists('openssl_random_pseudo_bytes') ? + base64_encode(openssl_random_pseudo_bytes(32)) : + Auth::randomstring(44); + + return $GLOBALS['egw_info']['flags']['currentapp'].'_'.$userID.'_'.$token; + } + /** * magic function to set all request-vars, used eg. as $request->method = 'app.class.method'; * diff --git a/api/src/Etemplate/Request/Cache.php b/api/src/Etemplate/Request/Cache.php index de6394cd56..fc258b574c 100644 --- a/api/src/Etemplate/Request/Cache.php +++ b/api/src/Etemplate/Request/Cache.php @@ -115,18 +115,6 @@ class Cache extends Etemplate\Request return $request; } - /** - * creates a new unique request-id - * - * @return string - */ - static function request_id() - { - // As we replace spaces with + for those account ids which contain spaces, therefore we need to do the same for getting request id too. - $userID = str_replace(' ', '+', rawurldecode($GLOBALS['egw_info']['user']['account_lid'])); - return uniqid($GLOBALS['egw_info']['flags']['currentapp'].'_'.$userID.'_',true); - } - /** * saves content,readonlys,template-keys, ... via eGW's appsession function * diff --git a/api/src/Etemplate/Request/Files.php b/api/src/Etemplate/Request/Files.php index 950754f41e..704e242147 100644 --- a/api/src/Etemplate/Request/Files.php +++ b/api/src/Etemplate/Request/Files.php @@ -129,7 +129,7 @@ class Files extends Etemplate\Request { do { - $id = uniqid('etemplate_'.$GLOBALS['egw_info']['flags']['currentapp'].'_',true); + $id = parent::request_id(); } while (file_exists(self::$directory.'/'.$id)); diff --git a/api/src/Etemplate/Request/Session.php b/api/src/Etemplate/Request/Session.php index adbb592298..14e0f11358 100644 --- a/api/src/Etemplate/Request/Session.php +++ b/api/src/Etemplate/Request/Session.php @@ -104,19 +104,6 @@ class Session extends Etemplate\Request return $request; } - /** - * creates a new request-id via microtime() - * - * @return string - */ - static function request_id() - { - $time = (int) (100 * microtime(true)); // gives precision of 1/100 sec - $id = $GLOBALS['egw_info']['flags']['currentapp'] .':'. $time; - - return $id; - } - /** * saves content,readonlys,template-keys, ... via eGW's appsession function *