Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Switch to generating UUID4 components with wp_rand()#10694

Closed
johnbillion wants to merge 4 commits into
WordPress:trunkfrom
johnbillion:59239-wp_generate_uuid4
Closed

Switch to generating UUID4 components with wp_rand()#10694
johnbillion wants to merge 4 commits into
WordPress:trunkfrom
johnbillion:59239-wp_generate_uuid4

Conversation

@johnbillion

@johnbillion johnbillion commented Jan 8, 2026
edited
Loading

Copy link
Copy Markdown
Member

Trac ticket: Core-59239

@github-actions

github-actions Bot commented Jan 8, 2026
edited
Loading

Copy link
Copy Markdown

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Core Committers: Use this line as a base for the props when committing in SVN:

Props johnbillion, jorbin, peterwilsoncc, westonruter, mukesh27.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@github-actions

github-actions Bot commented Jan 8, 2026

Copy link
Copy Markdown

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

  • The Plugin and Theme Directories cannot be accessed within Playground.
  • All changes will be lost when closing a tab with a Playground instance.
  • All changes will be lost when refreshing the page.
  • A fresh instance is created each time the link below is clicked.
  • Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
    it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

@westonruter westonruter mentioned this pull request Jan 9, 2026
Closed
mukeshpanchal27
mukeshpanchal27 reviewed Jan 11, 2026
View reviewed changes

@mukeshpanchal27 mukeshpanchal27 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you verified the bitwise operations (| 0x4000, | 0x8000)?

Comment thread src/wp-includes/functions.php
@westonruter westonruter requested a review from Copilot January 11, 2026 21:21
Copilot AI reviewed Jan 11, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request improves the security of UUID4 generation in WordPress by replacing the non-cryptographically secure mt_rand() function with wp_rand(), which uses a cryptographically secure pseudo-random number generator (CSPRNG) when available.

Changes:

  • Replaced all 8 calls to mt_rand() with wp_rand() in the wp_generate_uuid4() function

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@aaronjorbin
Only use wp_rand if the function exists.
f02aa6d 
Prevents a fatal if this function is called before pluggable functions have been loaded.

Props peterwilsoncc.
peterwilsoncc
peterwilsoncc approved these changes Mar 18, 2026
View reviewed changes

@peterwilsoncc peterwilsoncc left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Jorbin, this looks good to me presuming the unit tests pass.

@github-actions

github-actions Bot commented Mar 19, 2026

Copy link
Copy Markdown

A commit was made that fixes the Trac ticket referenced in the description of this pull request.

SVN changeset: 62054
GitHub commit: aaf38ca

This PR will be closed, but please confirm the accuracy of this and reopen if there is more work to be done.

@github-actions github-actions Bot closed this Mar 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aaronjorbin aaronjorbin aaronjorbin left review comments

Copilot code review Copilot Copilot left review comments

@westonruter westonruter westonruter approved these changes

@peterwilsoncc peterwilsoncc peterwilsoncc approved these changes

+1 more reviewer

@mukeshpanchal27 mukeshpanchal27 mukeshpanchal27 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@johnbillion @westonruter @peterwilsoncc @aaronjorbin @mukeshpanchal27