frodovdr
/
raspap-webgui
mirror of https://github.com/billz/raspap-webgui.git
1
0
Fork 0
Code Issues Releases Wiki Activity

generate only one csrf token per session 

some pages issue xhr which lead to new
tokens in the session and a future check
is garuanteed to fail.
This commit is contained in:
glaszig 2019-08-19 03:12:37 +01:00
parent df81ce2a07
commit 20d9e919c3
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
includes/functions.php
View File

@ -59,7 +59,9 @@ function safefilerewrite($fileName, $dataToSave)
*/ */
function ensureCSRFSessionToken() function ensureCSRFSessionToken()
{ {
if (empty($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32)); $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
} }
/** /**