Merge branch 'master' into next
authorMatthias Schmidt <gravatronics@live.com>
Wed, 11 Sep 2019 16:19:09 +0000 (18:19 +0200)
committerMatthias Schmidt <gravatronics@live.com>
Wed, 11 Sep 2019 16:19:09 +0000 (18:19 +0200)
1  2 
wcfsetup/install/files/lib/action/FacebookAuthAction.class.php

index b5f4548f358c3512afc896a7d6177d4dd3940c97,08d2e69f48e49d68e478e59a7bc07816687ec58e..4060862bce4f2057cb79e3ee7733245198f6da81
@@@ -156,9 -145,9 +156,9 @@@ class FacebookAuthAction extends Abstra
                }
                
                // start auth by redirecting to facebook
 -              $token = StringUtil::getRandomID();
 +              $token = bin2hex(\random_bytes(20));
                WCF::getSession()->register('__facebookInit', $token);
-               HeaderUtil::redirect("https://www.facebook.com/dialog/oauth?client_id=".StringUtil::trim(FACEBOOK_PUBLIC_KEY). "&redirect_uri=".rawurlencode($callbackURL)."&state=".$token."&scope=email,user_birthday,user_location");
+               HeaderUtil::redirect("https://www.facebook.com/dialog/oauth?client_id=".StringUtil::trim(FACEBOOK_PUBLIC_KEY). "&redirect_uri=".rawurlencode($callbackURL)."&state=".$token."&scope=email");
                $this->executed();
                exit;
        }