From 102422679dde7700536122548779355cb73d1cb3 Mon Sep 17 00:00:00 2001
From: John Blackbourn
Date: Sat, 16 Jun 2018 14:09:58 +0000
Subject: [PATCH] Security: Harden the random aspect of the hash used for user profile and admin email address changes. Props BjornW Fixes #43771 git-svn-id: https://develop.svn.wordpress.org/trunk@43367 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/misc.php | 2 +-
 src/wp-includes/user.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/wp-admin/includes/misc.php b/src/wp-admin/includes/misc.php
index db04526165..00397dd564 100644
--- a/src/wp-admin/includes/misc.php
+++ b/src/wp-admin/includes/misc.php
@@ -1205,7 +1205,7 @@ function update_option_new_admin_email( $old_value, $value ) {
 return;
 }

- $hash = md5( $value . time() . mt_rand() );
+ $hash = md5( $value . time() . wp_rand() );
 $new_admin_email = array(
 'hash' => $hash,
 'newemail' => $value,
diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php
index e3fb895f3d..73c3f3c2fe 100644
--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -2726,7 +2726,7 @@ function send_confirmation_on_profile_email() {
 return;
 }

- $hash = md5( $_POST['email'] . time() . mt_rand() );
+ $hash = md5( $_POST['email'] . time() . wp_rand() );
 $new_user_email = array(
 'hash' => $hash,
 'newemail' => $_POST['email'],
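Review bot: The confirmation hash in `update_option_new_admin_email()` is still `md5()` over the new address, `time()` and a single `wp_rand()` integer. Its only secret input is therefore that one integer (roughly 32 bits with the default range, as far as I can tell), while the address and the approximate timestamp may be known to other parties. Taking the whole token from the random source removes that dependence, e.g. `$hash = wp_generate_password( 32, false );`. The code that later compares the stored hash is not visible here and should use `hash_equals()`. The same applies to the `send_confirmation_on_profile_email()` hunk in src/wp-includes/user.php; both function bodies continue outside their hunks.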
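Review bot: `$_POST['email']` is read raw twice in this hunk of `send_confirmation_on_profile_email()`, once as hash input and once as the stored `newemail`. Any `is_email()` validation would sit above the hunk and is not visible here. Reading it once, e.g. `$new_email = sanitize_email( wp_unslash( $_POST['email'] ) );`, and using `$new_email` in both places makes the sanitisation explicit at the point of use and keeps the two values identical. The function starts and ends outside the hunk.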