Agreed. Fortunately it doesn't significantly reduce entropy.
Corrected code, included in v1.5.5 since the 03-22-2016 zip, reads:
Code:
function zen_random_name()
{
$letters = 'abcdefghijklmnopqrstuvwxyz';
$dirname = '.';
if (defined('DOWNLOADS_SKIP_DOT_PREFIX_ON_REDIRECT') && DOWNLOADS_SKIP_DOT_PREFIX_ON_REDIRECT === TRUE) $dirname = '';
$length = floor(zen_rand(16,20));
for ($i = 1; $i <= $length; $i++) {
$q = floor(zen_rand(0,25));
$dirname .= $letters[$q];
}
return $dirname;
}
Affects ZC versions 1.5.2 to 1.5.4 (well, prior versions too, but versions older than v152 don't run properly on PHP 5.4)
Bookmarks