From ccdc9a246e2583b9539f4fc23d94d24dd9d2721b Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Thu, 28 Sep 2017 12:03:45 +0200
Subject: [PATCH] Implemented dynamic cookie hash generation

Closes #2429
---
 .../files/lib/system/WCFSetup.class.php | 25 ++++++++++++++++++-
 .../PackageInstallationDispatcher.class.php | 9 +++++++
 wcfsetup/install/files/options.inc.php | 7 +++++-
 3 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/wcfsetup/install/files/lib/system/WCFSetup.class.php b/wcfsetup/install/files/lib/system/WCFSetup.class.php
index 97a5815d4d..0405c4edfe 100644
--- a/wcfsetup/install/files/lib/system/WCFSetup.class.php
+++ b/wcfsetup/install/files/lib/system/WCFSetup.class.php
@@ -1206,8 +1206,31 @@ class WCFSetup extends WCF {
 ]);
 }
 
+ // determine randomized cookie prefix
+ $prefix = 'wsc30_';
+ if (!self::$developerMode) {
+ $cookieNames = array_keys($_COOKIE);
+ while (true) {
+ $prefix = 'wsc_' . substr(sha1(mt_rand()), 0, 6) . '_';
+ $isValid = true;
+ foreach ($cookieNames as $cookieName) {
+ if (strpos($cookieName, $prefix) === 0) {
+ $isValid = false;
+ break;
+ }
+ }
+
+ if ($isValid) {
+ break;
+ }
+ }
+
+ // the options have not been imported yet
+ file_put_contents(WCF_DIR . 'cookiePrefix.txt', $prefix);
+ }
+
 // login as admin
- define('COOKIE_PREFIX', 'wsc30_');
+ define('COOKIE_PREFIX', $prefix);
 $factory = new ACPSessionFactory();
 $factory->load();
 
diff --git a/wcfsetup/install/files/lib/system/package/PackageInstallationDispatcher.class.php b/wcfsetup/install/files/lib/system/package/PackageInstallationDispatcher.class.php
index ace7afc007..98afc7b912 100644
--- a/wcfsetup/install/files/lib/system/package/PackageInstallationDispatcher.class.php
+++ b/wcfsetup/install/files/lib/system/package/PackageInstallationDispatcher.class.php
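Review bot: The result of `file_put_contents(WCF_DIR . 'cookiePrefix.txt', $prefix)` is never checked, so a failed write leaves this request logging the admin in under the randomized prefix while the sibling `options.inc.php` hunk, which only reads the file when it exists, would presumably fall back to `wsc30_` on the next request and not see that session cookie. Check the return value before continuing, e.g. `if (file_put_contents(WCF_DIR . 'cookiePrefix.txt', $prefix) === false) { throw new \RuntimeException('Unable to persist the cookie prefix'); }`. The prefix is part of every cookie name sent to clients, so it is not a secret and `mt_rand()` is adequate for collision avoidance; if `random_bytes()` is available to the installer, `bin2hex(random_bytes(3))` yields the same six hex characters without the `sha1` detour. The enclosing method starts and ends outside the hunk.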
@@ -196,6 +196,15 @@ class PackageInstallationDispatcher {
 'wcf_uuid'
 ]);
 
+ if (file_exists(WCF_DIR . 'cookiePrefix.txt')) {
+ $statement->execute([
+ COOKIE_PREFIX,
+ 'cookie_prefix'
+ ]);
+
+ @unlink(WCF_DIR . 'cookiePrefix.txt');
+ }
+
 $user = new User(1);
 $statement->execute([
 $user->username,
diff --git a/wcfsetup/install/files/options.inc.php b/wcfsetup/install/files/options.inc.php
index bf82bacb90..1c7e18cf6d 100644
--- a/wcfsetup/install/files/options.inc.php
+++ b/wcfsetup/install/files/options.inc.php
@@ -8,7 +8,12 @@
 */
 
 define('LAST_UPDATE_TIME', TIME_NOW);
-define('COOKIE_PREFIX', 'wsc30_');
+$prefix = 'wsc30_';
+if (file_exists(WCF_DIR . 'cookiePrefix.txt')) {
+ $prefix = file_get_contents(WCF_DIR . 'cookiePrefix.txt');
+}
+define('COOKIE_PREFIX', $prefix);
+
 define('COOKIE_PATH', '');
 define('COOKIE_DOMAIN', '');
 
-- 
2.20.1
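Review bot: `@unlink(WCF_DIR . 'cookiePrefix.txt')` suppresses and discards the failure, so a prefix file that cannot be removed stays behind in WCF_DIR with no trace in the logs; the `file_exists` guard above already covers the missing-file case, so the suppression buys nothing. Prefer a checked call, `if (!unlink(WCF_DIR . 'cookiePrefix.txt')) { /* log or throw: the cookie prefix file could not be removed */ }`. Note also that the value stored under `cookie_prefix` is the `COOKIE_PREFIX` constant rather than the file's content; that is the same string only as long as the constant was defined from this file, which appears to be the intent but is not enforced here. `$statement` and the enclosing method are defined outside the hunk.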
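Review bot: `file_get_contents` can return `false` (unreadable file, or a race with the `@unlink` in PackageInstallationDispatcher), and the hunk passes that value straight into `define('COOKIE_PREFIX', $prefix)`, so a read failure turns the cookie prefix into `false` instead of falling back to `wsc30_`. The file content is also used verbatim in cookie names; restricting it to the shape the installer writes (`wsc_`, six hex characters, `_`) keeps a truncated or edited file from producing an invalid cookie name. Both checks fit inside the existing branch:
```php
if (file_exists(WCF_DIR . 'cookiePrefix.txt')) {
	$storedPrefix = file_get_contents(WCF_DIR . 'cookiePrefix.txt');
	// keep the default unless the file holds a well-formed prefix
	if ($storedPrefix !== false && preg_match('/^wsc_[0-9a-f]{6}_$/', $storedPrefix) === 1) {
		$prefix = $storedPrefix;
	}
}
define('COOKIE_PREFIX', $prefix);
```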