From 818ad98998d4e44c1338cf7fe49b4aec17cbcef0 Mon Sep 17 00:00:00 2001 From: "M.Shibuya" Date: Thu, 16 May 2019 16:15:10 +0900 Subject: [PATCH] Make cache id generation less predictable. Fixes #2326 --- lib/carrierwave/uploader/cache.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/carrierwave/uploader/cache.rb b/lib/carrierwave/uploader/cache.rb index 9ee68dc83..f35da282f 100644 --- a/lib/carrierwave/uploader/cache.rb +++ b/lib/carrierwave/uploader/cache.rb @@ -1,3 +1,5 @@ +require 'securerandom' + module CarrierWave class FormNotMultipart < UploadError @@ -24,8 +26,8 @@ def self.increment def self.generate_cache_id [Time.now.utc.to_i, Process.pid, - '%04d' % (CarrierWave::CacheCounter.increment % 1000), - '%04d' % rand(9999) + '%04d' % (CarrierWave::CacheCounter.increment % 10000), + '%04d' % SecureRandom.random_number(10000) ].map(&:to_s).join('-') end