Use constant time hexadecimal encoding in migrate_multifactor
authorTim Düsterhus <duesterhus@woltlab.com>
Wed, 9 Dec 2020 10:44:56 +0000 (11:44 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Wed, 9 Dec 2020 10:44:56 +0000 (11:44 +0100)
wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_migrate_multifactor.php

index dd4a4f988f1295f714827ca45607eb959f60f210..7cd4e2a2ca1094ebbc996bca7adaeedb445e8e1e 100644 (file)
@@ -10,6 +10,7 @@
  */
 
 use ParagonIE\ConstantTime\Base32;
+use ParagonIE\ConstantTime\Hex;
 use wcf\data\object\type\ObjectTypeCache;
 use wcf\data\package\PackageCache;
 use wcf\data\user\User;
@@ -98,7 +99,7 @@ foreach ($userIDs as $userID) {
        while ($row = $existingTotpAuthenticatorStatement->fetchArray()) {
                $createTotpStatement->execute([
                        $totpSetup->getId(),
-                       \bin2hex(\random_bytes(16)),
+                       Hex::encode(\random_bytes(16)),
                        $row['name'],
                        Base32::decodeUpper($row['secret']),
                        ($row['time'] / 30),
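Review bot: `($row['time'] / 30)` on the last line of this hunk uses PHP's `/`, which yields a float whenever the stored time is not a multiple of 30, so the rounding of the bound value is left to the database driver and column type. If that column holds the integer TOTP step counter used for replay protection (the schema is not visible here), make the rounding explicit with `\intdiv((int) $row['time'], 30),`. On the changed line, a short comment such as `// Constant-time hex encoding (no data-dependent table lookups), unlike bin2hex().` would keep a later cleanup from reverting it. The `execute([...])` call and the enclosing `while`/`foreach` loops continue outside the hunk.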