Bug #59701
closeduniqid() not returning unique values
100%
Description
uniqid() generates values based on current time,
subsequent calls may return the same value on a fast machine.
On Windows it's even worse, as uniqid()
has single-second-resolution out of the box.
Right now it is used in many places in the core, also for creating temporary identifiers for newly created records (in the datahanlder)
The solution is to add a second parameter to all calls (which adds more entropy).
see http://php.net/manual/en/function.uniqid.php
uniqid("prefix") => uniqid("prefix", TRUE)
With an empty prefix, the returned string will be 13 characters long. If more_entropy is TRUE, it will be 23 characters. So we need to test whether having longer id doesn;t break anything.
Updated by Tymoteusz Motylewski over 10 years ago
another thing to keep in mind while testing is that uniqid("", TRUE) returns id which contains a dot, e.g. "53a4364e8598c4.29100310"
Implementation:
if (more_entropy) { spprintf(&uniqid, 0, "%s%08x%05x%.8F", prefix, sec, usec, php_combined_lcg(TSRMLS_C) * 10); } else { spprintf(&uniqid, 0, "%s%08x%05x", prefix, sec, usec); }
https://github.com/php/php-src/blob/af6c11c5f060870d052a2b765dc634d9e47d0f18/ext/standard/uniqid.c
Updated by Gerrit Code Review over 10 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30948
Updated by Gerrit Code Review over 10 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30948
Updated by Gerrit Code Review over 10 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30948
Updated by Gerrit Code Review over 10 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30948
Updated by Gerrit Code Review over 10 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/30948
Updated by Gerrit Code Review over 10 years ago
Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/30948
Updated by Gerrit Code Review over 10 years ago
Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/30948
Updated by Gerrit Code Review over 10 years ago
Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/30948
Updated by Gerrit Code Review over 10 years ago
Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/30948
Updated by Gerrit Code Review over 10 years ago
Patch set 11 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/30948
Updated by Tymoteusz Motylewski over 10 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset fa817a7e4c36c2d4dd5858582462ce426fe9bc29.
Updated by Gerrit Code Review over 10 years ago
- Status changed from Resolved to Under Review
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/33328
Updated by Gerrit Code Review over 10 years ago
Patch set 2 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/33328
Updated by Tymoteusz Motylewski about 10 years ago
- Status changed from Under Review to Resolved
Applied in changeset 5df3d530de1d3c57b3da378175f02a0256ccf1c7.
Updated by Roman Eberle over 9 years ago
i think a better solution would be to create something like
...\GeneralUtility\UniqueId()
which unifies the generation of unique ids, and replace all calls to uniqid() with calls to that function.
this might be done with a smart shell-script (grep/sed), should fix pretty much all uniqid()-related errors, and allows easy modification for possible future changes to unique-id-generation.
note that I encountered typo3-exceptions related to PATTERN_ENTRYIDENTIFIER in sysext/core/Classes/Cache/Frontend/FrontendInterface.php with TYPO3 6.2.12, these don't seem to be covered by the above commits/patches.
Updated by Stephan Großberndt over 9 years ago
Hello Roman,
I just created a ticket for that.
Any additional thoughts?
Updated by Stephan Großberndt over 4 years ago
- Related to Bug #91553: Risk of non-unique field in DatePickerViewHelper added