#11431

git-svn-id: file:///svn/phpbb/trunk@7684 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/docs/CHANGELOG.html

@@ -33,8 +33,8 @@ p {
 	font-size: 8pt;
 }
 
-hr { 
-	height: 0; 
+hr {
+	height: 0;
 	border: solid #D1D7DC 0;
 	border-top-width: 1px;
 }
@@ -93,7 +93,7 @@ h3 {
 }
 
 code {
-	color: #006600; 
+	color: #006600;
 	font-weight: normal;
 	font-family: 'Courier New', monospace;
 	border-color: #D1D7DC;
@@ -212,9 +212,10 @@ p a {
 		<li>[Fix] Introduced checks to stop negative postcounts (Bug #11561, #11421)</li>
 		<li>[Fix] Allow IP v4/v6 urls for remote avatars (Bug #11633)</li>
 		<li>[Fix] Delete avatar files automatically (Bug #11631)</li>
-		<li>[Fix] Automatically add selected columsn to group by statements in the converter (Bug #11465)</li>
+		<li>[Fix] Automatically add selected columns to group by statements in the converter (Bug #11465)</li>
 		<li>[Fix] Allow posts without subjects to be clicked in the MCP (Bug #11483)</li>
 		<li>[Fix] Sync the forums that shadow topics reside in when the topic that they point to is deleted</li>
+		<li>[Fix] Do not use the gen_random_string function to create cookie names during install (Bug #11431)</li>
 	</ul>
 
 	</div>

phpBB/install/install_install.php

@@ -1359,7 +1359,10 @@ class install_install extends module
 
 		// We set a (semi-)unique cookie name to bypass login issues related to the cookie name.
 		$cookie_name = 'phpbb3_';
-		$cookie_name .= strtolower(gen_rand_string(5));
+		$rand_str = md5(mt_rand());
+		$rand_str = str_replace('0', 'z', base_convert($rand_str, 16, 35));
+		$rand_str = substr($rand_str, 0, 5);
+		$cookie_name .= strtolower($rand_str);
 
 		$sql_ary[] = 'UPDATE ' . $table_prefix . "config
 			SET config_value = '" . $db->sql_escape($cookie_name) . "'