From 6efccfddc75608e8eb97b22f92636ec78cfc6c71 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Wed, 6 Jan 2021 11:59:54 +0100
Subject: [PATCH] Update update_com.woltlab.wcf_5.4_session_1_cookies for new cookie format
---
 ...pdate_com.woltlab.wcf_5.4_session_1_cookies.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_session_1_cookies.php b/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_session_1_cookies.php
index db926ee461..1d57873337 100644
--- a/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_session_1_cookies.php
+++ b/wcfsetup/install/files/acp/update_com.woltlab.wcf_5.4_session_1_cookies.php
@@ -3,7 +3,7 @@
 * Sets the new session cookies.
 *
 * @author Tim Duesterhus
- * @copyright 2001-2020 WoltLab GmbH
+ * @copyright 2001-2021 WoltLab GmbH
 * @license GNU Lesser General Public License
 * @package WoltLabSuite\Core
 */
@@ -21,8 +21,8 @@ use wcf\util\HeaderUtil;
 $hasValidSessionCookie = false;
 if (!empty($_COOKIE[COOKIE_PREFIX."acp_session"])) {
 $cookieValue = CryptoUtil::getValueFromSignedString($_COOKIE[COOKIE_PREFIX."acp_session"]);
- if ($cookieValue) {
- $sessionID = \bin2hex($cookieValue);
+ if ($cookieValue && \mb_strlen($cookieValue, '8bit') === 26) {
+ $sessionID = \bin2hex(\mb_substr($cookieValue, 1, 20, '8bit'));
 if ($sessionID === WCF::getSession()->sessionID) {
 $hasValidSessionCookie = true;
 }
@@ -45,7 +45,13 @@ if ($hasValidSessionCookie && $hasValidXsrfToken) {
 HeaderUtil::setCookie(
 "acp_session",
 CryptoUtil::createSignedString(
- \hex2bin(WCF::getSession()->sessionID)
+ \pack(
+ 'CA20CN',
+ 1,
+ \hex2bin(WCF::getSession()->sessionID),
+ 0,
+ WCF::getUser()->userID
+ )
 )
 );
-- 
2.20.1
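Review bot: The new guard in the `@@ -21,8 +21,8 @@` hunk checks only the length of the decoded cookie, and `\mb_substr($cookieValue, 1, 20, '8bit')` then skips the first byte without ever looking at it. The writing side in the `@@ -45,7 +45,13 @@` hunk packs a literal `1` into that byte, presumably a format version, so the reader should verify it before trusting the fixed offsets: `if ($cookieValue && \mb_strlen($cookieValue, '8bit') === 26 && \ord($cookieValue[0]) === 1) {`. The value has already passed `getValueFromSignedString()`, so this guards against a differently laid-out 26-byte payload signed with the same key rather than against forged input. The enclosing `if` blocks close outside the hunk.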
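Review bot: The `\pack('CA20CN', …)` call in the `@@ -45,7 +45,13 @@` hunk has no comment naming its fields, and the literals `1` and `0` give no hint of what they mean; the reader in the `@@ -21,8 +21,8 @@` hunk depends on the same layout through the bare numbers `26`, `1` and `20`. I would add a comment above the call such as `// Cookie layout (26 bytes): C = <first field, value 1>, A20 = raw session ID, C = <third field, value 0>, N = user ID (32-bit big-endian)`, with the two placeholders filled in by the author. Since `A20` space-pads or truncates silently, the comment should also state that `sessionID` is expected to be exactly 40 hex characters. The surrounding `if ($hasValidSessionCookie && $hasValidXsrfToken)` block continues beyond the hunk.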