From 2ca6835c56fd478b8a685bcf2be72245a8231c37 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Thu, 3 Jan 2019 13:48:04 +0100
Subject: [PATCH] Implement StringUtil::getRandomID() in terms of a CSPRNG

---
 wcfsetup/install/files/lib/util/StringUtil.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wcfsetup/install/files/lib/util/StringUtil.class.php b/wcfsetup/install/files/lib/util/StringUtil.class.php
index c215dd8635..36a556687a 100644
--- a/wcfsetup/install/files/lib/util/StringUtil.class.php
+++ b/wcfsetup/install/files/lib/util/StringUtil.class.php
@@ -42,12 +42,12 @@ final class StringUtil {
 	}
 	
 	/**
-	 * Creates a random hash.
+	 * Returns a 40 character hexadecimal string generated using a CSPRNG.
 	 * 
 	 * @return	string
 	 */
 	public static function getRandomID() {
-		return self::getHash(microtime() . uniqid((string) mt_rand(), true));
+		return bin2hex(random_bytes(20));
 	}
 	
 	/**
-- 
2.20.1