From: Tim Düsterhus
Date: Wed, 6 Jan 2021 10:59:54 +0000 (+0100)
Subject: Update update_com.woltlab.wcf_5.4_session_1_cookies for new cookie format
X-Git-Tag: 5.4.0_Alpha_1~470^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=6efccfddc75608e8eb97b22f92636ec78cfc6c71;p=GitHub%2FWoltLab%2FWCF.git
Update update_com.woltlab.wcf_5.4_session_1_cookies for new cookie format
---
diff --git a/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_session_1_cookies.php b/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_session_1_cookies.php
index db926ee461..1d57873337 100644
--- a/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_session_1_cookies.php
+++ b/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_session_1_cookies.php
@@ -3,7 +3,7 @@
 * Sets the new session cookies.
 *
 * @author Tim Duesterhus
- * @copyright 2001-2020 WoltLab GmbH
+ * @copyright 2001-2021 WoltLab GmbH
 * @license GNU Lesser General Public License
 * @package WoltLabSuite\Core
 */
@@ -21,8 +21,8 @@ use wcf\util\HeaderUtil;
 $hasValidSessionCookie = false;
 if (!empty($_COOKIE[COOKIE_PREFIX."acp_session"])) {
 $cookieValue = CryptoUtil::getValueFromSignedString($_COOKIE[COOKIE_PREFIX."acp_session"]);
- if ($cookieValue) {
- $sessionID = \bin2hex($cookieValue);
+ if ($cookieValue && \mb_strlen($cookieValue, '8bit') === 26) {
+ $sessionID = \bin2hex(\mb_substr($cookieValue, 1, 20, '8bit'));
 if ($sessionID === WCF::getSession()->sessionID) {
 $hasValidSessionCookie = true;
 }
@@ -45,7 +45,13 @@ if ($hasValidSessionCookie && $hasValidXsrfToken) {
 HeaderUtil::setCookie(
 "acp_session",
 CryptoUtil::createSignedString(
- \hex2bin(WCF::getSession()->sessionID)
+ \pack(
+ 'CA20CN',
+ 1,
+ \hex2bin(WCF::getSession()->sessionID),
+ 0,
+ WCF::getUser()->userID
+ )
 )
 );
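Review bot: The `acp_session` reader in the second hunk accepts any signed 26-byte value and takes bytes 1–20 as the session ID, but it never checks the leading version byte that the writer in the third hunk sets to 1 through `\pack('CA20CN', …)`. The signature presumably proves only that this installation issued the value, so a later layout of the same length would be parsed with the wrong offsets without any error; the guard could be `if ($cookieValue && \mb_strlen($cookieValue, '8bit') === 26 && \ord($cookieValue[0]) === 1) {`. The literal 26 and the offsets 1 and 20 follow from the pack format (1 + 20 + 1 + 4 bytes), so a comment such as `// layout 'CA20CN': version, 20-byte session ID, 1 byte, 32-bit user ID = 26 bytes` at both the reader and the writer would keep the two in step. The enclosing `if (!empty(…))` block closes outside the hunk.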