From 03e8dc1285e84ebc2fe9f0a36e168912d1dd4d91 Mon Sep 17 00:00:00 2001
From: Marcel Werk <burntime@woltlab.com>
Date: Fri, 27 Oct 2023 16:24:41 +0200
Subject: [PATCH] Apply suggestions from code review

Co-authored-by: Alexander Ebert <ebert@woltlab.com>
---
 .../password/algorithm/Pbkdf2.class.php               | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Pbkdf2.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Pbkdf2.class.php
index f0224a22c3..c16008c11c 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Pbkdf2.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Pbkdf2.class.php
@@ -24,11 +24,10 @@ final class Pbkdf2 implements IPasswordAlgorithm
         string $hash
     ): bool {
         $parts = \explode(':', $hash, 5);
-        $hash = $parts[0];
-        $salt = $parts[1];
-        $algo = $parts[2];
-        $iterations = $parts[3];
-        $length = $parts[4];
+        if (\count($parts) !== 5) {
+            return false;
+        }
+        [$hash, $salt, $algo, $iterations, $length] = $parts;
 
         return \hash_equals($hash, \hash_pbkdf2($algo, $password, $salt, $iterations, $length));
     }
@@ -46,7 +45,7 @@ final class Pbkdf2 implements IPasswordAlgorithm
         $length = 32;
         $hash = \hash_pbkdf2($algo, $password, $salt, $iterations, $length);
 
-        return implode(':', [$hash, $salt, $algo, $iterations, $length]);
+        return \implode(':', [$hash, $salt, $algo, $iterations, $length]);
     }
 
     /**
-- 
2.20.1