frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
Code Issues Releases Wiki Activity

mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes

Browse Source 
depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token.
This commit is contained in:
glaszig 2019-07-30 20:14:37 +02:00
parent 490cb14acd
commit 7898dc24c8
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
includes/functions.php
View File

@ -60,11 +60,7 @@ function safefilerewrite($fileName, $dataToSave)
function ensureCSRFSessionToken() function ensureCSRFSessionToken()
{ {
if (empty($_SESSION['csrf_token'])) { if (empty($_SESSION['csrf_token'])) {
if (function_exists('mcrypt_create_iv')) { $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
$_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
} else {
$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
}
} }
} }