From 18e4898035d2bd09e9325f5c51c15ad24c96225e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Wed, 22 Sep 2021 12:33:58 +0200
Subject: [PATCH] Clean up `$prefix` generation in install.php

---
 wcfsetup/install.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wcfsetup/install.php b/wcfsetup/install.php
index 305dc5caaf..def1312747 100644
--- a/wcfsetup/install.php
+++ b/wcfsetup/install.php
@@ -1203,7 +1203,7 @@ if (isset($_REQUEST['tmpFilePrefix'])) {
 	$prefix = preg_replace('/[^a-f0-9_]+/', '', $_REQUEST['tmpFilePrefix']);
 }
 else {
-	$prefix = substr(sha1(uniqid(microtime())), 0, 8);
+	$prefix = \bin2hex(\random_bytes(4));
 }
 define('TMP_FILE_PREFIX', $prefix);
 
-- 
2.20.1