From 070420dc6445b7ae185cd7a0a2440992f03ed058 Mon Sep 17 00:00:00 2001
From: Tetrakern <26898880+Tetrakern@users.noreply.github.com>
Date: Tue, 7 Nov 2023 20:52:34 +0100
Subject: [PATCH] Use random_bytes instead of rand

---
 includes/functions/_oauth.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/functions/_oauth.php b/includes/functions/_oauth.php
index 1633f238..e4bd38d9 100644
--- a/includes/functions/_oauth.php
+++ b/includes/functions/_oauth.php
@@ -1012,7 +1012,7 @@ if ( ! function_exists( 'fictioneer_get_oauth_code' ) ) {
 $params = array(
 'response_type' => 'code',
 'client_id' => FCN_OAUTH2_CLIENT_ID,
- 'state' => hash( 'sha256', microtime( TRUE ) . rand() . $_SERVER['REMOTE_ADDR'] ),
+ 'state' => hash( 'sha256', microtime( TRUE ) . random_bytes( 15 ) . $_SERVER['REMOTE_ADDR'] ),
 'scope' => FCN_OAUTH2_API_ENDPOINTS[FCN_OAUTH2_CHANNEL]['scope'],
 'redirect_uri' => FCN_OAUTH2_REDIRECT_URL,
 'force_verify' => 'true',
@@ -1027,7 +1027,7 @@ if ( ! function_exists( 'fictioneer_get_oauth_code' ) ) {
 'channel' => FCN_OAUTH2_CHANNEL,
 'anchor' => FCN_OAUTH2_ANCHOR,
 'user_id' => get_current_user_id(),
- 'cookie' => hash( 'sha256', microtime( TRUE ) . rand() . $_SERVER['REMOTE_ADDR'] )
+ 'cookie' => hash( 'sha256', microtime( TRUE ) . random_bytes( 15 ) . $_SERVER['REMOTE_ADDR'] )
 );
 
 set_transient( 'fictioneer_oauth2_state_' . $params['state'], $transient, 60 ); // Expires after 1 minute
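Review bot: The 15 bytes from random_bytes() are already CSPRNG output, so hashing them together with microtime() and $_SERVER['REMOTE_ADDR'] on the `'state'` line adds no entropy and hides what the token actually is; unless the IP mixing serves a purpose not visible here, `'state' => bin2hex( random_bytes( 32 ) ),` is simpler, yields a 64-character hex token of the same length as the sha256 digest, and the identical `'cookie'` line in the second hunk should get the same treatment. Unlike rand(), random_bytes() throws (Exception, or Random\RandomException on PHP 8.2+) when no secure source is available, which is the right outcome for an OAuth anti-CSRF state — any caller that catches it must not fall back to a weaker value. Since both hunks build the same expression twice, a small private helper returning the token would keep the two from drifting apart. The body of fictioneer_get_oauth_code starts before the first hunk and continues after the second.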