Replace the function with this one. I am just looking for a way to make it as secure as possible without the ability to guess the name.
I have never run into this issue but with a bit of digging, i see that php crypt() does include these characters.
in sell-my-plugin.php replace with this.
function gen_secret_dir() {
//set the random id length
$random_id_length = 10;
//generate a random id encrypt it and store it in $rnd_id
$rnd_id = crypt(uniqid(rand(),1));
//to remove any slashes that might have come
$rnd_id = strip_tags(stripslashes($rnd_id));
//Removing any . or / and reversing the string
$rnd_id = str_replace(".","",$rnd_id);
$rnd_id = strrev(str_replace("/","",$rnd_id));
//finally I take the first 10 characters from the $rnd_id
$rnd_id = substr($rnd_id,0,$random_id_length);
return $rnd_id;
} # End Secret Dir
Let me know if there are any other issues.
