From 20d9e919c3473ecc1935915a16fea2e3a2b72ed2 Mon Sep 17 00:00:00 2001
From: glaszig
Date: Mon, 19 Aug 2019 03:12:37 +0100
Subject: [PATCH] generate only one csrf token per session some pages issue xhr which lead to new tokens in the session and a future check is garuanteed to fail.
---
 includes/functions.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/functions.php b/includes/functions.php
index d97108d1..055f750e 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -59,7 +59,9 @@ function safefilerewrite($fileName, $dataToSave)
 */
 function ensureCSRFSessionToken()
 {
- $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+ if (empty($_SESSION['csrf_token'])) {
+ $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+ }
 }
 /**
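Review bot: With the `empty()` guard in `ensureCSRFSessionToken()` the token now lives for the whole session, and nothing in this hunk ever rotates it. If the application has a login or other privilege change (not visible here), the token should be reset at that point, e.g. `unset($_SESSION['csrf_token']);` next to `session_regenerate_id(true);`, so a token issued before authentication does not stay valid afterwards. One token per session is a standard synchronizer-token design, but the longer lifetime makes it more important that the verification code, which is outside this hunk, compares with `hash_equals()` and that the token is never placed in URLs or logs. The docblock above the function starts outside the hunk; it should say that the token is created once per session and reused across requests, e.g. `* Generates the session CSRF token once and reuses it for later requests (including XHR).`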