From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Fri, 27 Nov 2020 09:52:53 +0000 (+0100)
Subject: Fix validation of hashes in BackupMultifactorMethod
X-Git-Tag: 5.4.0_Alpha_1~555^2~12
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=15cf49a0906e2f8f760fe5cb740b16ec1dc87342;p=GitHub%2FWoltLab%2FWCF.git

Fix validation of hashes in BackupMultifactorMethod
---

diff --git a/wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php b/wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php
index 18dbdd2923..7f5a6b1a8b 100644
--- a/wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php
+++ b/wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php
@@ -224,7 +224,7 @@ class BackupMultifactorMethod implements IMultifactorMethod {
 		
 		$result = null;
 		foreach ($codes as $code) {
-			[$algorithmName, $hash] = \explode(':', $code['code']);
+			[$algorithmName, $hash] = \explode(':', $code['code'], 2);
 			$algorithm = $manager->getAlgorithmFromName($algorithmName);
 			
 			// The use of `&` is intentional to disable the shortcutting logic.