Make cache_id unpredictable. Closes #2326

A random number up to 10^(15+4) is almost equivalent to 64 bits of entropy, it should be enough for preventing easy-guessing. Refs. 818ad98
carrierwaveuploader · Jun 23, 2019 · fc65d16 · fc65d16
1 parent 629afec
commit fc65d16
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/lib/carrierwave/uploader/cache.rb b/lib/carrierwave/uploader/cache.rb
@@ -25,9 +25,9 @@ def self.increment
   #
   def self.generate_cache_id
     [Time.now.utc.to_i,
-      Process.pid,
-      '%04d' % (CarrierWave::CacheCounter.increment % 10000),
-      '%04d' % SecureRandom.random_number(10000)
+      SecureRandom.random_number(1_000_000_000_000_000),
+      '%04d' % (CarrierWave::CacheCounter.increment % 10_000),
+      '%04d' % SecureRandom.random_number(10_000)
     ].map(&:to_s).join('-')
   end