Security: Harden the random aspect of the hash used for user profile and admin email address changes.

Props BjornW Fixes #43771 Built from https://develop.svn.wordpress.org/trunk@43367 git-svn-id: http://core.svn.wordpress.org/trunk@43195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:38:43 +00:00
parent 35ca5f61f8
commit 0aa2902436
3 changed files with 3 additions and 3 deletions
--- a/wp-admin/includes/misc.php
+++ b/wp-admin/includes/misc.php
@@ -1205,7 +1205,7 @@ function update_option_new_admin_email( $old_value, $value ) {
 		return;
 	}

-	$hash            = md5( $value . time() . mt_rand() );
+	$hash            = md5( $value . time() . wp_rand() );
 	$new_admin_email = array(
 		'hash'     => $hash,
 		'newemail' => $value,