Add microseconds to filename format to make it harder to predict

CHANGES.md

@@ -7,6 +7,7 @@ Changes in 8.9.5
 - Fix stored XSS security issue: escape HTML attribute in StudentAssignments.fnc.php, thanks to @dungtuanha
 - Use big random number for parent password generation in NotifyParents.php & CreateParents.php, thanks to @intrapus
 - Fix stored XSS security issue: remove inline JS from URL in PreparePHP_SELF.fnc.php, thanks to @intrapus
+- Add microseconds to filename format to make it harder to predict in StudentAssignments.fnc.php, thanks to @dungtuanha
 
 Changes in 8.9.4
 ----------------

modules/Grades/includes/StudentAssignments.fnc.php

@@ -27,6 +27,7 @@
  * @uses FileUpload()
  * @uses SanitizeHTML()
  * @since 2.9
+ * @since 8.9.5 Add microseconds to filename format to make it harder to predict.
  *
  * @param  string  $assignment_id Assignment ID.
  * @param  array   $error         Global errors array.
@@ -59,7 +60,10 @@ function StudentAssignmentSubmit( $assignment_id, &$error )
 
 	$files = issetVal( $old_data['files'] );
 
-	$timestamp = date( 'Y-m-d H:i:s' );
+	$timestamp = new \DateTime();
+
+	// @since 8.9.5 Add microseconds to filename format to make it harder to predict.
+	$timestamp = $timestamp->format( 'Y-m-d H:i:s.u' );
 
 	$assignments_path = GetAssignmentsFilesPath( $assignment['STAFF_ID'] );