Add CSRF token to password change page

Joe Haig
2016-06-24 22:39:39 +01:00
parent f98af5c60b
commit 5c2492e785
3 changed files with 52 additions and 17 deletions


@@ -44,6 +44,16 @@ include_once( 'includes/functions.php' );
$output = $return = 0;
$page = $_GET['page'];
session_start();
if (empty($_SESSION['csrf_token'])) {
if (function_exists('mcrypt_create_iv')) {
$_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
} else {
$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
}
}
$csrf_token = $_SESSION['csrf_token'];
?>
<!DOCTYPE html>
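Review bot: The `else` fallback stores `bin2hex(openssl_random_pseudo_bytes(32))` without checking the result, so a failed call or a source reported as not cryptographically strong would leave an empty or weak `csrf_token` in the session. Capture the strength flag with `$bytes = openssl_random_pseudo_bytes(32, $strong);` and abort with `if ($bytes === false || !$strong) { exit('Unable to generate CSRF token'); }` before calling `bin2hex($bytes)`. On PHP 7 and later it would be better to test `function_exists('random_bytes')` first, since mcrypt is deprecated there and `random_bytes()` throws instead of degrading silently. The code that compares the submitted token with `$_SESSION['csrf_token']` is not in this hunk; it should use `hash_equals()` and reject a missing or empty value.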