From 69e2257cbbab912d7d6a2503f3130721b9969449 Mon Sep 17 00:00:00 2001
From: botanic <devnull@localhost>
Date: Mon, 8 Sep 2014 11:46:43 -0700
Subject: [PATCH] make the random generation more secure

---
 code/web/private_php/ams/autoload/ticket.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/code/web/private_php/ams/autoload/ticket.php b/code/web/private_php/ams/autoload/ticket.php
index e6af8e188..d70ba7036 100644
--- a/code/web/private_php/ams/autoload/ticket.php
+++ b/code/web/private_php/ams/autoload/ticket.php
@@ -606,14 +606,16 @@ class Ticket{
     public static function add_Attachment($TId,$filename,$author,$tempFile){
 
         global $FILE_STORAGE_PATH;
-        $length = 20;
-        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_';
+        $length = mt_rand(20, 25);
+        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ$-_.+!*\'(),';
         $randomString = '';
         for ($i = 0; $i < $length; $i++) {
             $randomString .= $characters[rand(0, strlen($characters) - 1)];
         }
         $targetFile = $FILE_STORAGE_PATH . $randomString . "/" . $filename;
         
+        if(file_exists($targetFile)) { return self::add_Attachment($TId,$filename,$author,$tempFile); }
+        
         $ticket = new Ticket();
         $ticket->load_With_TId($TId);