From 6fe86ffe7c76d953df50ec675b4bce9077221fff Mon Sep 17 00:00:00 2001
From: Marcel Werk <burntime@woltlab.com>
Date: Wed, 16 Oct 2024 11:31:21 +0200
Subject: [PATCH] Use deterministic tmp hash

---
 .../field/wysiwyg/WysiwygAttachmentFormField.class.php    | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/system/form/builder/field/wysiwyg/WysiwygAttachmentFormField.class.php b/wcfsetup/install/files/lib/system/form/builder/field/wysiwyg/WysiwygAttachmentFormField.class.php
index 0632f14626..e0eb9b9d95 100644
--- a/wcfsetup/install/files/lib/system/form/builder/field/wysiwyg/WysiwygAttachmentFormField.class.php
+++ b/wcfsetup/install/files/lib/system/form/builder/field/wysiwyg/WysiwygAttachmentFormField.class.php
@@ -64,7 +64,13 @@ final class WysiwygAttachmentFormField extends AbstractFormField
     {
         if ($attachmentHandler !== null) {
             if ($this->attachmentHandler === null) {
-                $tmpHash = StringUtil::getRandomID();
+                $tmpHash = \sha1(\implode("\0", [
+                    $this->getId(),
+                    $attachmentHandler->getObjectType()->objectType,
+                    $attachmentHandler->getParentObjectID(),
+                    WCF::getUser()->userID ?: WCF::getSession()->sessionID,
+                ]));
+
                 if ($this->getDocument()->isAjax()) {
                     /** @deprecated 5.5 see QuickReplyManager::setTmpHash() */
                     $sessionTmpHash = WCF::getSession()->getVar('__wcfAttachmentTmpHash');
-- 
2.20.1