phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0017603phplist applicationHTML Email Supportpublic09-02-15 10:3006-07-15 18:04
Reporterhenktiggelaar 
PrioritynormalSeverityminorReproducibilitysometimes
StatusresolvedResolutionfixed 
PlatformPHP 5.4OSWindowsOS Version7
Product Version3.0.12 
Target Version3.0.XFixed in Version3.2.0 
Summary0017603: Incorrect images in HTML emails due to duplicate $cid values in add_html_image function on Windows
DescriptionphpList uses uniqid(time()) as a random value for generating $cid values in the add_html_image function. When running phpList on a Windows system, this leads to incorrect images being displayed in HTML emails containing embedded images due to duplicate $cid values.

The PHP manual for uniqid states "This function does not create random nor unpredictable strings...". On a Windows system using PHP 5.4.37 calling uniqid several times returns the exact same values.

To fix this, change the following line in class.phplistmailer.php

$cid = md5(uniqid(time()));

to something more random like

$cid = md5(mt_rand().$name.uniqid(time(), TRUE));
Steps To ReproduceRun the following PHP script on Windows and note the exact same values being returned:

<?php
for($i=0; $i<10; $i++)
   echo md5(uniqid(time()))."\n";
?>
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0055954)
michiel (manager)
04-03-15 17:40

nice, and it's even faster :-)


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker