View Issue Details

IDProjectCategoryView StatusLast Update
0017603phplist applicationHTML Email Supportpublic06-07-15 18:04
Reporterhenktiggelaar 
PrioritynormalSeverityminorReproducibilitysometimes
Status resolvedResolutionfixed 
PlatformPHP 5.4OSWindowsOS Version7
Product Version3.0.12 
Target Version3.0.XFixed in Version3.2.0 
Summary0017603: Incorrect images in HTML emails due to duplicate $cid values in add_html_image function on Windows
DescriptionphpList uses uniqid(time()) as a random value for generating $cid values in the add_html_image function. When running phpList on a Windows system, this leads to incorrect images being displayed in HTML emails containing embedded images due to duplicate $cid values.

The PHP manual for uniqid states "This function does not create random nor unpredictable strings...". On a Windows system using PHP 5.4.37 calling uniqid several times returns the exact same values.

To fix this, change the following line in class.phplistmailer.php

$cid = md5(uniqid(time()));

to something more random like

$cid = md5(mt_rand().$name.uniqid(time(), TRUE));
Steps To ReproduceRun the following PHP script on Windows and note the exact same values being returned:

<?php
for($i=0; $i<10; $i++)
   echo md5(uniqid(time()))."\n";
?>
TagsNo tags attached.

Activities

michiel

04-03-15 17:40

manager   ~0055954

nice, and it's even faster :-)