From 885477173bbe8fda3933be88224ca913939b5e8e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Thu, 12 May 2022 12:02:31 +0200
Subject: [PATCH] Simplify generation of random cookie prefix in WCFSetup
---
 wcfsetup/install/files/lib/system/WCFSetup.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wcfsetup/install/files/lib/system/WCFSetup.class.php b/wcfsetup/install/files/lib/system/WCFSetup.class.php
index 792ed2893d..f34ba175d5 100644
--- a/wcfsetup/install/files/lib/system/WCFSetup.class.php
+++ b/wcfsetup/install/files/lib/system/WCFSetup.class.php
@@ -1319,7 +1319,7 @@ class WCFSetup extends WCF
 if ($useRandomCookiePrefix) {
 $cookieNames = \array_keys($_COOKIE);
 while (true) {
- $prefix = 'wsc_' . \substr(\sha1((string)\mt_rand()), 0, 6) . '_';
+ $prefix = 'wsc_' . \bin2hex(\random_bytes(3)) . '_';
 $isValid = true;
 foreach ($cookieNames as $cookieName) {
 if (\strpos($cookieName, $prefix) === 0) {
-- 
2.20.1
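Review bot: The `3` passed to `\random_bytes()` on the added `$prefix` line is an unexplained magic number, and nothing nearby says what the prefix is for. Judging by the surrounding loop, it only has to differ from the cookie names already present in `$_COOKIE`, so a comment such as `// 3 bytes => 6 hex chars, same length as before; the prefix only avoids clashes with existing cookie names and is not a secret` would stop later readers from treating it as a security token or changing its length by accident. Unlike `\mt_rand()`, `\random_bytes()` throws when no entropy source is available; whether the setup reports that cleanly cannot be seen here, because the enclosing method starts and ends outside the hunk.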