From c2479cf23d970aa67788ad8edb9d9a3b33e74f3a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Thu, 3 Jan 2019 14:10:38 +0100
Subject: [PATCH] Implement StringUtil::getUUID() in terms of a CSPRNG

---
 .../install/files/lib/util/StringUtil.class.php  | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/util/StringUtil.class.php b/wcfsetup/install/files/lib/util/StringUtil.class.php
index 36a556687a..9de5d0771a 100644
--- a/wcfsetup/install/files/lib/util/StringUtil.class.php
+++ b/wcfsetup/install/files/lib/util/StringUtil.class.php
@@ -56,7 +56,21 @@ final class StringUtil {
 	 * @return	string
 	 */
 	public static function getUUID() {
-		return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535));
+		return sprintf(
+			'%04x%04x-%04x-%04x-%02x%02x-%04x%04x%04x',
+			// time_low
+			random_int(0, 0xffff), random_int(0, 0xffff),
+			// time_mid
+			random_int(0, 0xffff), 
+			// time_hi_and_version
+			random_int(0, 0x0fff) | 0x4000,
+			// clock_seq_hi_and_res
+			random_int(0, 0x3f) | 0x80,
+			// clock_seq_low
+			random_int(0, 0xff),
+			// node
+			random_int(0, 0xffff), random_int(0, 0xffff), random_int(0, 0xffff)
+		);
 	}
 	
 	/**
-- 
2.20.1