From 99c79f264b8fa8fe7f63a423eebd54bd234b51fd Mon Sep 17 00:00:00 2001
From: Yuriy Pikhtarev <iglix@me.com>
Date: Fri, 5 May 2017 01:04:13 +0300
Subject: [PATCH] Insecure 'uniqid(...)' usage (Insufficient Entropy
 Vulnerability).

(cherry picked from commit 8d1a7d4)
---
 library/includes/classes/emailer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/includes/classes/emailer.php b/library/includes/classes/emailer.php
index 966a07a40..91c80490f 100644
--- a/library/includes/classes/emailer.php
+++ b/library/includes/classes/emailer.php
@@ -198,7 +198,7 @@ class emailer
 
         // Build header
         $type = ($email_format == 'html') ? 'html' : 'plain';
-        $this->extra_headers = (($this->reply_to != '') ? "Reply-to: $this->reply_to\n" : '') . (($this->from != '') ? "From: $this->from\n" : "From: " . $bb_cfg['board_email'] . "\n") . "Return-Path: " . $bb_cfg['board_email'] . "\nMessage-ID: <" . md5(uniqid(TIMENOW)) . "@" . $bb_cfg['server_name'] . ">\nMIME-Version: 1.0\nContent-type: text/$type; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . date('r', TIMENOW) . "\nX-Priority: 0\nX-MSMail-Priority: Normal\nX-Mailer: Microsoft Office Outlook, Build 11.0.5510\nX-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441\nX-Sender: " . $bb_cfg['board_email'] . "\n" . $this->extra_headers . (($cc != '') ? "Cc: $cc\n" : '') . (($bcc != '') ? "Bcc: $bcc\n" : '');
+        $this->extra_headers = (($this->reply_to != '') ? "Reply-to: $this->reply_to\n" : '') . (($this->from != '') ? "From: $this->from\n" : "From: " . $bb_cfg['board_email'] . "\n") . "Return-Path: " . $bb_cfg['board_email'] . "\nMessage-ID: <" . md5(uniqid(TIMENOW, true)) . "@" . $bb_cfg['server_name'] . ">\nMIME-Version: 1.0\nContent-type: text/$type; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . date('r', TIMENOW) . "\nX-Priority: 0\nX-MSMail-Priority: Normal\nX-Mailer: Microsoft Office Outlook, Build 11.0.5510\nX-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441\nX-Sender: " . $bb_cfg['board_email'] . "\n" . $this->extra_headers . (($cc != '') ? "Cc: $cc\n" : '') . (($bcc != '') ? "Bcc: $bcc\n" : '');
 
         // Send message
         if ($this->use_smtp) {