projects / GitHub / WoltLab / WCF.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 66e6333)
Fix validation of hashes in BackupMultifactorMethod
authorTim Düsterhus <duesterhus@woltlab.com>
Fri, 27 Nov 2020 09:52:53 +0000 (10:52 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Fri, 27 Nov 2020 10:03:24 +0000 (11:03 +0100)
wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php patch | blob | blame | history

diff --git a/wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php b/wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php
index 18dbdd29233b62447c5e8314af5e076fd572ac41..7f5a6b1a8b7f608b3ac3c664c095b21198e0e2f3 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php
+++ b/wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php
@@ -224,7 +224,7 @@ class BackupMultifactorMethod implements IMultifactorMethod {
                
                $result = null;
                foreach ($codes as $code) {
-                       [$algorithmName, $hash] = \explode(':', $code['code']);
+                       [$algorithmName, $hash] = \explode(':', $code['code'], 2);
                        $algorithm = $manager->getAlgorithmFromName($algorithmName);
                        
                        // The use of `&` is intentional to disable the shortcutting logic.
WoltLab Suite Core (previously WoltLab Community Framework)