Simplify generation of random cookie prefix in WCFSetup

diff --git a/wcfsetup/install/files/lib/system/WCFSetup.class.php b/wcfsetup/install/files/lib/system/WCFSetup.class.php
index 792ed2893d89ccf7129241294f30983399beab27..f34ba175d5dabd207b1509362dbb3bd259f53971 100644 (file)
--- a/wcfsetup/install/files/lib/system/WCFSetup.class.php
+++ b/wcfsetup/install/files/lib/system/WCFSetup.class.php
@@ -1319,7 +1319,7 @@ class WCFSetup extends WCF
         if ($useRandomCookiePrefix) {
             $cookieNames = \array_keys($_COOKIE);
             while (true) {
-                $prefix = 'wsc_' . \substr(\sha1((string)\mt_rand()), 0, 6) . '_';
+                $prefix = 'wsc_' . \bin2hex(\random_bytes(3)) . '_';
                 $isValid = true;
                 foreach ($cookieNames as $cookieName) {
                     if (\strpos($cookieName, $prefix) === 0) {