From 3c2ea2c8c957037a002b25b6f239197eade752a4 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Wed, 9 Dec 2020 11:44:56 +0100
Subject: [PATCH] Use constant time hexadecimal encoding in migrate_multifactor

---
 .../acp/update_com.woltlab.wcf_5.4_migrate_multifactor.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_migrate_multifactor.php b/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_migrate_multifactor.php
index dd4a4f988f..7cd4e2a2ca 100644
--- a/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_migrate_multifactor.php
+++ b/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_migrate_multifactor.php
@@ -10,6 +10,7 @@
  */
 
 use ParagonIE\ConstantTime\Base32;
+use ParagonIE\ConstantTime\Hex;
 use wcf\data\object\type\ObjectTypeCache;
 use wcf\data\package\PackageCache;
 use wcf\data\user\User;
@@ -98,7 +99,7 @@ foreach ($userIDs as $userID) {
  while ($row = $existingTotpAuthenticatorStatement->fetchArray()) {
  $createTotpStatement->execute([
  $totpSetup->getId(),
- \bin2hex(\random_bytes(16)),
+ Hex::encode(\random_bytes(16)),
  $row['name'],
  Base32::decodeUpper($row['secret']),
  ($row['time'] / 30),
-- 
2.20.1
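Review bot: In the second hunk, the unchanged argument `($row['time'] / 30)` a few lines below the new `Hex::encode()` call uses PHP's `/` operator, which yields a float whenever the stored time is not a multiple of 30. If the target column is the integer TOTP time-step counter (the column list is not visible here, so this is an assumption), the fraction is left to the database layer to round or truncate; `\intdiv((int) $row['time'], 30),` would make the step explicit. Separately, a one-line comment above `Hex::encode(\random_bytes(16)),` naming what the column holds would tell readers whether the value is secret, which is the case the constant-time encoder is meant for. The `foreach` body starts and ends outside this hunk.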