From: Matthias Schmidt
Date: Wed, 11 Sep 2019 16:19:09 +0000 (+0200)
Subject: Merge branch 'master' into next
X-Git-Tag: 5.2.0_Beta_2~59
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=f799741ebc6853289840ef4930b069bf5e17e1dd;p=GitHub%2FWoltLab%2FWCF.git
Merge branch 'master' into next
---
f799741ebc6853289840ef4930b069bf5e17e1dd
diff --cc wcfsetup/install/files/lib/action/FacebookAuthAction.class.php
index b5f4548f35,08d2e69f48..4060862bce
--- a/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php
+++ b/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php
@@@ -156,9 -145,9 +156,9 @@@ class FacebookAuthAction extends Abstra
}
// start auth by redirecting to facebook
- $token = StringUtil::getRandomID();
+ $token = bin2hex(\random_bytes(20));
WCF::getSession()->register('__facebookInit', $token);
- HeaderUtil::redirect("https://www.facebook.com/dialog/oauth?client_id=".StringUtil::trim(FACEBOOK_PUBLIC_KEY). "&redirect_uri=".rawurlencode($callbackURL)."&state=".$token."&scope=email,user_birthday,user_location");
+ HeaderUtil::redirect("https://www.facebook.com/dialog/oauth?client_id=".StringUtil::trim(FACEBOOK_PUBLIC_KEY). "&redirect_uri=".rawurlencode($callbackURL)."&state=".$token."&scope=email");
$this->executed();
exit;
}
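Review bot: On the added `HeaderUtil::redirect(...)` line the `client_id` value is concatenated into the query string after only `StringUtil::trim()`, while `redirect_uri` next to it goes through `rawurlencode()`. The constant is presumably an administrator-set option, so the exposure is small, but a stray `&` or `#` in it would alter the authorization request; `"client_id=".rawurlencode(StringUtil::trim(FACEBOOK_PUBLIC_KEY))` keeps both parameters consistent. The new `$token` is hex from `random_bytes()`, so it needs no encoding. A short comment such as `// OAuth "state": CSRF token for the callback, must come from a CSPRNG` would stop a later edit from reverting it to a weaker generator. The code that compares the returned `state` with the `__facebookInit` session value lies outside this hunk; it is worth confirming that it uses `hash_equals()` and unregisters the value after one use.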