From 43e7c9b396335d640c6d04cff72e8d5f3b7851f3 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Fri, 5 Aug 2022 09:50:36 +0200
Subject: [PATCH] Remove long-deprecated methods from PasswordUtil

PasswordUtil itself is wholly deprecated, but these two methods are trivially
replaced and developers should to so, if only to improve the clarity of the
code.
---
 .../files/lib/util/PasswordUtil.class.php     | 32 ++-----------------
 1 file changed, 2 insertions(+), 30 deletions(-)

diff --git a/wcfsetup/install/files/lib/util/PasswordUtil.class.php b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
index 022f6abd2b..606edf363c 100644
--- a/wcfsetup/install/files/lib/util/PasswordUtil.class.php
+++ b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
@@ -4,7 +4,6 @@ namespace wcf\util;
 
 use wcf\system\exception\SystemException;
 use wcf\system\Regex;
-use wcf\util\exception\CryptoException;
 
 /**
  * @deprecated 5.5 - All methods within this class are deprecated.
@@ -176,7 +175,7 @@ final class PasswordUtil
         $salt = '';
 
         for ($i = 0, $maxIndex = (\strlen(self::$blowfishCharacters) - 1); $i < 22; $i++) {
-            $salt .= self::$blowfishCharacters[self::secureRandomNumber(0, $maxIndex)];
+            $salt .= self::$blowfishCharacters[\random_int(0, $maxIndex)];
         }
 
         return self::getSalt($salt);
@@ -191,39 +190,12 @@ final class PasswordUtil
         $password = '';
 
         for ($i = 0, $maxIndex = (\strlen($charset) - 1); $i < $length; $i++) {
-            $password .= $charset[self::secureRandomNumber(0, $maxIndex)];
+            $password .= $charset[\random_int(0, $maxIndex)];
         }
 
         return $password;
     }
 
-    /**
-     * @deprecated  Use \wcf\util\CryptoUtil::secureCompare()
-     */
-    public static function secureCompare($hash1, $hash2)
-    {
-        return \hash_equals($hash1, $hash2);
-    }
-
-    /**
-     * @deprecated  Use random_int()
-     */
-    public static function secureRandomNumber($min, $max)
-    {
-        $range = $max - $min;
-        if ($range == 0) {
-            // not random
-            throw new SystemException("Cannot generate a secure random number, min and max are the same");
-        }
-
-        try {
-            return CryptoUtil::randomInt($min, $max);
-        } catch (CryptoException $e) {
-            // Backwards compatibility: This function never did throw.
-            return \mt_rand($min, $max);
-        }
-    }
-
     /**
      * @deprecated  5.4 - Use the new password algorithm framework in \wcf\system\user\authentication\password\*.
      */
-- 
2.20.1