From: Tom Needham
Date: Wed, 4 Apr 2012 13:17:03 +0000 (+0000)
Subject: Make the token really random
X-Git-Tag: v4.0.0beta~381^2~10
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=85f9869f6925ef52c1015916bbc28e13c15abc73;p=nextcloud-server.git

Make the token really random
---
diff --git a/core/lostpassword/index.php b/core/lostpassword/index.php
index 9529c0c957c..a9b7d10804f 100644
--- a/core/lostpassword/index.php
+++ b/core/lostpassword/index.php
@@ -12,7 +12,7 @@ require_once('../../lib/base.php');
 // Someone lost their password:
 if (isset($_POST['user'])) {
 if (OC_User::userExists($_POST['user'])) {
- $token = sha1($_POST['user'].uniqId());
+ $token = sha1($_POST['user'].md5(uniqid(rand(), true)));
 OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
 $email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
 if (!empty($email)) {
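Review bot: The replacement token on the `+` line is still built from `rand()` and `uniqid()`, neither of which is a cryptographically secure source, and wrapping them in `md5()` and `sha1()` adds no entropy; the remaining input, `$_POST['user']`, is known to whoever submits the form. Because this value is the secret that authorizes a password reset, it should come from the platform CSPRNG, for example `$token = bin2hex(random_bytes(32));` (on PHP versions without `random_bytes()`, `bin2hex(openssl_random_pseudo_bytes(32))`). The token is then stored as-is through `OC_Preferences::setValue`; storing only a hash of it and comparing with `hash_equals()` would limit exposure if the preferences store leaks, though the verification side is not visible here. The enclosing `if` blocks continue outside the hunk.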