Merge pull request #385 from glaszig/fix/csrf-xhr-race-condition

fix csrf token xhr race condition
2025-03-01 10:31:47 +00:00 · 2019-08-19 12:16:45 +02:00
parent df81ce2a07 20d9e919c3
commit aaa2225e6c
1 changed files with 3 additions and 1 deletions
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -59,7 +59,9 @@ function safefilerewrite($fileName, $dataToSave)
 */
 function ensureCSRFSessionToken()
 {
-    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+    if (empty($_SESSION['csrf_token'])) {
+        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+    }
 }

 /**