Fix validation of hashes in BackupMultifactorMethod
authorTim Düsterhus <duesterhus@woltlab.com>
Fri, 27 Nov 2020 09:52:53 +0000 (10:52 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Fri, 27 Nov 2020 10:03:24 +0000 (11:03 +0100)
wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php

index 18dbdd29233b62447c5e8314af5e076fd572ac41..7f5a6b1a8b7f608b3ac3c664c095b21198e0e2f3 100644 (file)
@@ -224,7 +224,7 @@ class BackupMultifactorMethod implements IMultifactorMethod {
                
                $result = null;
                foreach ($codes as $code) {
-                       [$algorithmName, $hash] = \explode(':', $code['code']);
+                       [$algorithmName, $hash] = \explode(':', $code['code'], 2);
                        $algorithm = $manager->getAlgorithmFromName($algorithmName);
                        
                        // The use of `&` is intentional to disable the shortcutting logic.