From: Tim Düsterhus Date: Wed, 9 Dec 2020 10:44:56 +0000 (+0100) Subject: Use constant time hexadecimal encoding in migrate_multifactor X-Git-Tag: 5.4.0_Alpha_1~555^2~2 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3c2ea2c8c957037a002b25b6f239197eade752a4;p=GitHub%2FWoltLab%2FWCF.git Use constant time hexadecimal encoding in migrate_multifactor --- diff --git a/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_migrate_multifactor.php b/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_migrate_multifactor.php index dd4a4f988f..7cd4e2a2ca 100644 --- a/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_migrate_multifactor.php +++ b/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_migrate_multifactor.php @@ -10,6 +10,7 @@ */ use ParagonIE\ConstantTime\Base32; +use ParagonIE\ConstantTime\Hex; use wcf\data\object\type\ObjectTypeCache; use wcf\data\package\PackageCache; use wcf\data\user\User; @@ -98,7 +99,7 @@ foreach ($userIDs as $userID) { while ($row = $existingTotpAuthenticatorStatement->fetchArray()) { $createTotpStatement->execute([ $totpSetup->getId(), - \bin2hex(\random_bytes(16)), + Hex::encode(\random_bytes(16)), $row['name'], Base32::decodeUpper($row['secret']), ($row['time'] / 30),