Merge pull request #6143 from eileenmcnaughton/CRM-16788

[civicrm-core.git] / install / civicrm.php

diff --git a/install/civicrm.php b/install/civicrm.php
index ec423a1938c2e4cb31618f7243d262c105ee148d..8438e850fa27c9899139fb3332b9f35e68985029 100644 (file)
--- a/install/civicrm.php
+++ b/install/civicrm.php
@@ -235,7 +235,8 @@ function civicrm_config(&$config) {
     $params['crmRoot'] = addslashes($params['crmRoot']);
   }
 
-  $params['siteKey'] = md5(uniqid('', TRUE) . $params['baseURL']);
+  $params['siteKey'] = md5(rand() . mt_rand() . rand() . uniqid('', TRUE) . $params['baseURL']);
+  // Would prefer openssl_random_pseudo_bytes(), but I don't think it's universally available.
 
   $str = file_get_contents($tplPath . 'civicrm.settings.php.template');
   foreach ($params as $key => $value) {