Clean up `$prefix` generation in install.php

author Tim Düsterhus <duesterhus@woltlab.com>

Wed, 22 Sep 2021 10:33:58 +0000 (12:33 +0200)

committer Tim Düsterhus <duesterhus@woltlab.com>

Wed, 22 Sep 2021 10:33:58 +0000 (12:33 +0200)
author Tim Düsterhus <duesterhus@woltlab.com>
Wed, 22 Sep 2021 10:33:58 +0000 (12:33 +0200)
committer Tim Düsterhus <duesterhus@woltlab.com>
Wed, 22 Sep 2021 10:33:58 +0000 (12:33 +0200)
diff --git a/wcfsetup/install.php b/wcfsetup/install.php

index 305dc5caafbeaf02950f263ee415a51753029ccb..def1312747c11cc8fe4cf0095e7f9e0531b02efc 100644 (file)
--- a/wcfsetup/install.php
+++ b/wcfsetup/install.php
@@ -1203,7 +1203,7 @@ if (isset($_REQUEST['tmpFilePrefix'])) {
         $prefix = preg_replace('/[^a-f0-9_]+/', '', $_REQUEST['tmpFilePrefix']);
  }
  else {
-       $prefix = substr(sha1(uniqid(microtime())), 0, 8);
+       $prefix = \bin2hex(\random_bytes(4));
  }
  define('TMP_FILE_PREFIX', $prefix);
author	Tim Düsterhus <duesterhus@woltlab.com>
	Wed, 22 Sep 2021 10:33:58 +0000 (12:33 +0200)
committer	Tim Düsterhus <duesterhus@woltlab.com>
	Wed, 22 Sep 2021 10:33:58 +0000 (12:33 +0200)