From b9e9b7fe39ab913efc794cb60a4e2af1dfc0fb5e Mon Sep 17 00:00:00 2001
From: glaszig
Date: Tue, 30 Jul 2019 17:38:33 +0200
Subject: [PATCH] move csrf token initialization into function

---
 includes/functions.php | 14 ++++++++++++++
 index.php | 8 +-------
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/includes/functions.php b/includes/functions.php
index 5facfe76..24da797f 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -54,6 +54,20 @@ function safefilerewrite($fileName, $dataToSave)
 }
 }
 
+/**
+* Saves a CSRF token in the session
+*/
+function ensureCSRFSessionToken()
+{
+ if (empty($_SESSION['csrf_token'])) {
+ if (function_exists('mcrypt_create_iv')) {
+ $_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
+ } else {
+ $_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
+ }
+ }
+}
+
 /**
 *
 * Add CSRF Token to form
diff --git a/index.php b/index.php
index bbb6603d..ce91ea77 100755
--- a/index.php
+++ b/index.php
@@ -43,13 +43,7 @@ if (csrfValidateRequest() && !CSRFValidate()) {
 handleInvalidCSRFToken();
 }
 
-if (empty($_SESSION['csrf_token'])) {
- if (function_exists('mcrypt_create_iv')) {
- $_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
- } else {
- $_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
- }
-}
+ensureCSRFSessionToken();
 
 if (!isset($_COOKIE['theme'])) {
 $theme = "custom.css";
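Review bot: The new ensureCSRFSessionToken() in includes/functions.php stores whatever the random call returns without checking it: `openssl_random_pseudo_bytes(32)` is called without its second `$crypto_strong` argument, and both fallbacks can return `false`, which `bin2hex()` turns into an empty token. `mcrypt_create_iv` is also absent from current PHP builds (the mcrypt extension was deprecated in 7.1 and dropped from core in 7.2), so I would try `random_bytes(32)` first where it exists and keep the two existing calls only as fallbacks. How index.php should react to a failure is not visible in this patch, so treat the exception below as one option rather than the required handling. The docblock could also say that a token is generated only when the session does not already hold one.

```php
function ensureCSRFSessionToken()
{
    if (empty($_SESSION['csrf_token'])) {
        $strong = true;
        if (function_exists('random_bytes')) {
            // PHP 7+: throws rather than returning weak or empty output
            $bytes = random_bytes(32);
        } elseif (function_exists('mcrypt_create_iv')) {
            $bytes = mcrypt_create_iv(32, MCRYPT_DEV_URANDOM);
        } else {
            $bytes = openssl_random_pseudo_bytes(32, $strong);
        }
        // Never store a token built from a failed or non-cryptographic source
        if ($bytes === false || !$strong) {
            throw new RuntimeException('No secure random source available for CSRF token');
        }
        $_SESSION['csrf_token'] = bin2hex($bytes);
    }
}
```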