frodovdr
/
raspap-webgui
mirror of https://github.com/billz/raspap-webgui.git
1
0
Fork 0
Code Issues Releases Wiki Activity

mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes 

depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token.
This commit is contained in:
glaszig 2019-07-30 20:14:37 +02:00
parent 490cb14acd
commit 7898dc24c8
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
includes/functions.php
View File

@ -60,11 +60,7 @@ function safefilerewrite($fileName, $dataToSave)
function ensureCSRFSessionToken()
{
if (empty($_SESSION['csrf_token'])) {
if (function_exists('mcrypt_create_iv')) {
$_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
} else {
$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
}
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
}