From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Thu, 12 May 2022 10:02:31 +0000 (+0200)
Subject: Simplify generation of random cookie prefix in WCFSetup
X-Git-Tag: 6.0.0_Alpha_1~1323
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=885477173bbe8fda3933be88224ca913939b5e8e;p=GitHub%2FWoltLab%2FWCF.git

Simplify generation of random cookie prefix in WCFSetup
---

diff --git a/wcfsetup/install/files/lib/system/WCFSetup.class.php b/wcfsetup/install/files/lib/system/WCFSetup.class.php
index 792ed2893d..f34ba175d5 100644
--- a/wcfsetup/install/files/lib/system/WCFSetup.class.php
+++ b/wcfsetup/install/files/lib/system/WCFSetup.class.php
@@ -1319,7 +1319,7 @@ class WCFSetup extends WCF
         if ($useRandomCookiePrefix) {
             $cookieNames = \array_keys($_COOKIE);
             while (true) {
-                $prefix = 'wsc_' . \substr(\sha1((string)\mt_rand()), 0, 6) . '_';
+                $prefix = 'wsc_' . \bin2hex(\random_bytes(3)) . '_';
                 $isValid = true;
                 foreach ($cookieNames as $cookieName) {
                     if (\strpos($cookieName, $prefix) === 0) {