[wp-trac] [WordPress Trac] #59239: wp_generate_uuid4 collisions
WordPress Trac
noreply at wordpress.org
Sun Mar 15 21:33:49 UTC 2026
#59239: wp_generate_uuid4 collisions
-------------------------------------+---------------------
Reporter: joppuyo | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 7.0
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+---------------------
Comment (by peterwilsoncc):
Replying to [comment:4 johnbillion]:
> One concern I have is that with this change in place,
`wp_generate_uuid4()` now relies on a pluggable function. This means it
would break any code that calls `wp_generate_uuid4()` before the
`plugins_loaded` hook. What's the likelihood of this? Low, but perhaps a
plugin somewhere is generating a UUID for each request for logging
purposes.
This could be protected against with:
{{{#!php
<?php
$randomizer = function_exists( 'wp_rand' ) ? 'wp_rand' : 'mt_rand';
//...
$randomizer( 0, 0xffff );
}}}
I agree it's a low possibility, it can only really affect `mu-plugins`,
plugins using the `plugin_loaded` (singular) hook and plugins running
bootstrapping code upon file inclusion rather than a hook.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59239#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list