From 87fcd562795bada4ea2101391f3ae1c0b5a90793 Mon Sep 17 00:00:00 2001
From: Chuck Hagenbuch <chuck@horde.org>
Date: Mon, 6 Sep 2010 00:53:14 -0400
Subject: [PATCH] Unless I'm missing something, packing the mt_rand() result as
 an unsigned int doesn't lose any data but takes up predictably less space,
 letting us say that this is always a 24-char random id.

Also, rather than giving up randomness, use url-safe base64 encoding.
---
 framework/Support/lib/Horde/Support/Randomid.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/framework/Support/lib/Horde/Support/Randomid.php b/framework/Support/lib/Horde/Support/Randomid.php
index f3db7964b..71c160e16 100644
--- a/framework/Support/lib/Horde/Support/Randomid.php
+++ b/framework/Support/lib/Horde/Support/Randomid.php
@@ -7,8 +7,8 @@
  */
 
 /**
- * Class for generating a random ID string. This string uses all characters
- * in the class [0-9a-zA-Z].
+ * Class for generating a 24-character random ID string. This string uses all
+ * characters in the class [-_0-9a-zA-Z].
  *
  * <code>
  *  <?php
@@ -46,9 +46,9 @@ class Horde_Support_Randomid
      */
     public function generate()
     {
-        /* Base64 can have /, +, and = characters.  Restrict to just
-         * numbers and letters. */
-        $this->_rid = str_replace(array('/', '+', '='), 0, base64_encode(pack('H*', mt_rand() . str_replace('.', '', uniqid('', true)) . dechex(getmypid()))));
+        // Base64 can have /, +, and = characters. Restrict to URL-safe
+        // characters.
+        $this->_rid = str_replace(array('/', '+', '='), array('-', '_', ''), base64_encode(pack('I', mt_rand()) . pack('H*', str_replace('.', '', uniqid('', true)) . dechex(getmypid()))));
     }
 
     /**
-- 
2.11.0