[wp-trac] [WordPress Trac] #59239: wp_generate_uuid4 collisions
WordPress Trac
noreply at wordpress.org
Fri Jan 9 12:01:23 UTC 2026
#59239: wp_generate_uuid4 collisions
--------------------------+---------------------
Reporter: joppuyo | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 7.0
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+---------------------
Comment (by joppuyo):
I created this ticket too because I observed some collisions when
generating UUIDs with wp_generate_uuid4().
[https://www.php.net/manual/en/function.mt-srand.php According to PHP
documentation], after 80,000 iterations the chance of a collision is 50%.
I tested this myself by generating UUIDs using this function in a loop and
after few minutes I managed to generate a collision around 80,000
iterations.
It seems like wp_rand() is a wrapper around random_int() and it only uses
a fallback if the random_int() throws an exception (no random source
available) or the function is not available. As it was added in PHP 7.0
that's probably not relevant in current WordPress versions as they don't
support PHP 5 any longer.
I think it could be possible to just use random_int() directly if
wp_rand() is not available. If that's too much duplicate code it might be
possible to drop wp_rand() completely so the function works without the
dependency on pluggable functions being loaded.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59239#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list