mirror of
https://github.com/billz/raspap-webgui.git
synced 2023-10-10 13:37:24 +02:00
generate only one csrf token per session
some pages issue xhr which lead to new tokens in the session and a future check is garuanteed to fail.
This commit is contained in:
parent
df81ce2a07
commit
20d9e919c3
@ -59,7 +59,9 @@ function safefilerewrite($fileName, $dataToSave)
|
|||||||
*/
|
*/
|
||||||
function ensureCSRFSessionToken()
|
function ensureCSRFSessionToken()
|
||||||
{
|
{
|
||||||
|
if (empty($_SESSION['csrf_token'])) {
|
||||||
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
Loading…
Reference in New Issue
Block a user