From 62be0ed93ae02260d96dffa3f0fe82bf0dde6ffd Mon Sep 17 00:00:00 2001
From: Henry Sudhof <kellanved@phpbb.com>
Date: Sat, 26 May 2007 12:44:17 +0000
Subject: [PATCH] #11431

git-svn-id: file:///svn/phpbb/trunk@7684 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/docs/CHANGELOG.html         | 9 +++++----
 phpBB/install/install_install.php | 5 ++++-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 117e3322c2..9f77c8bebb 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -33,8 +33,8 @@ p {
 	font-size: 8pt;
 }
 
-hr { 
-	height: 0; 
+hr {
+	height: 0;
 	border: solid #D1D7DC 0;
 	border-top-width: 1px;
 }
@@ -93,7 +93,7 @@ h3 {
 }
 
 code {
-	color: #006600; 
+	color: #006600;
 	font-weight: normal;
 	font-family: 'Courier New', monospace;
 	border-color: #D1D7DC;
@@ -212,9 +212,10 @@ p a {
 		<li>[Fix] Introduced checks to stop negative postcounts (Bug #11561, #11421)</li>
 		<li>[Fix] Allow IP v4/v6 urls for remote avatars (Bug #11633)</li>
 		<li>[Fix] Delete avatar files automatically (Bug #11631)</li>
-		<li>[Fix] Automatically add selected columsn to group by statements in the converter (Bug #11465)</li>
+		<li>[Fix] Automatically add selected columns to group by statements in the converter (Bug #11465)</li>
 		<li>[Fix] Allow posts without subjects to be clicked in the MCP (Bug #11483)</li>
 		<li>[Fix] Sync the forums that shadow topics reside in when the topic that they point to is deleted</li>
+		<li>[Fix] Do not use the gen_random_string function to create cookie names during install (Bug #11431)</li>
 	</ul>
 
 	</div>
diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php
index ef04a1e3b9..1bf86318c8 100755
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@@ -1359,7 +1359,10 @@ class install_install extends module
 
 		// We set a (semi-)unique cookie name to bypass login issues related to the cookie name.
 		$cookie_name = 'phpbb3_';
-		$cookie_name .= strtolower(gen_rand_string(5));
+		$rand_str = md5(mt_rand());
+		$rand_str = str_replace('0', 'z', base_convert($rand_str, 16, 35));
+		$rand_str = substr($rand_str, 0, 5);
+		$cookie_name .= strtolower($rand_str);
 
 		$sql_ary[] = 'UPDATE ' . $table_prefix . "config
 			SET config_value = '" . $db->sql_escape($cookie_name) . "'