From: pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Fri, 31 Jul 2009 05:23:04 +0000 (+0000)
Subject: Remove personal data from Message ID seed. (#880029/847107)
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=dda811a12b5927a8728df9817b749b444f6d7a2a;p=squirrelmail.git

Remove personal data from Message ID seed. (#880029/847107)

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13805 7612ce4b-ef26-0410-bec9-ea0150e637f0
---

diff --git a/class/deliver/Deliver.class.php b/class/deliver/Deliver.class.php
index 356c6d77..fb085cb5 100644
--- a/class/deliver/Deliver.class.php
+++ b/class/deliver/Deliver.class.php
@@ -590,15 +590,9 @@ class Deliver {
         /* Create a message-id */
         $message_id = 'MESSAGE ID GENERATION ERROR! PLEASE CONTACT SQUIRRELMAIL DEVELOPERS';
         if (empty($rfc822_header->message_id)) {
-            $message_id = '<';
-            /* user-specifc data to decrease collision chance */
-            $seed_data = $username . '.';
-            $seed_data .= (!empty($REMOTE_PORT) ? $REMOTE_PORT . '.' : '');
-            $seed_data .= (!empty($REMOTE_ADDR) ? $REMOTE_ADDR . '.' : '');
-            /* add the current time in milliseconds and randomness */
-            $seed_data .= uniqid(mt_rand(),true);
-            /* put it through one-way hash and add it to the ID */
-            $message_id .= md5($seed_data) . '.squirrel@' . $SERVER_NAME .'>';
+            $message_id = '<'
+                        . md5(GenerateRandomString(16, '', 7) . uniqid(mt_rand(),true))
+                        . '.squirrel@' . $SERVER_NAME .'>';
         }
 
         /* Make an RFC822 Received: line */
diff --git a/doc/ChangeLog b/doc/ChangeLog
index e880b68a..34767c78 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -321,6 +321,7 @@ Version 1.5.2 - SVN
   - Removed the shut down DSBL blocklists (#2796734).
   - Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess (#2798839).
   - Stop using deprecated ereg functions. (#2820952)
+  - Remove personal data from Message ID seed. (#880029/847107)
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------