From 58e8dcd5f6436dd988b1277727051a333f05b801 Mon Sep 17 00:00:00 2001
From: "Fedor A. Fetisov"
Date: Tue, 29 Oct 2013 02:41:17 +0400
Subject: [PATCH] Make CSRF token more secure

---
 src/mibew/libs/common/csrf.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mibew/libs/common/csrf.php b/src/mibew/libs/common/csrf.php
index 0c0b4f59..a068cee5 100644
--- a/src/mibew/libs/common/csrf.php
+++ b/src/mibew/libs/common/csrf.php
@@ -55,7 +55,7 @@ function print_csrf_token_in_url()
 function setcsrftoken()
 {
     if (!isset($_SESSION['csrf_token'])) {
-        $_SESSION['csrf_token'] = sha1(rand(10000000, 99999999));
+        $_SESSION['csrf_token'] = sha1(session_id() . (function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(32) : (time() + microtime()) . mt_rand(0, 99999999)));
     }
 }
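Review bot: The fallback branch on the added line still builds the token from `time()`, `microtime()` and `mt_rand()`, none of which is a cryptographic source, so on a host without the openssl extension the token is no less predictable than the `rand()` it replaces; `time() + microtime()` also adds an integer to the string `microtime()` returns, so it contributes little beyond the current timestamp. On the primary branch `openssl_random_pseudo_bytes()` can return `false` or report a non-strong result through its by-reference second argument, and neither is checked, in which case the stored value silently degrades to `sha1(session_id())`, with `session_id()` adding no secrecy of its own. Prefer checking the flag and failing loudly rather than falling back, e.g. `$bytes = openssl_random_pseudo_bytes(32, $strong);` followed by `if ($bytes === false || !$strong) { trigger_error('No cryptographically strong random source available', E_USER_ERROR); }` and then `$_SESSION['csrf_token'] = bin2hex($bytes);`. The `setcsrftoken()` body is fully inside the hunk, but the functions that read and compare the token are not, so the comparison side could not be reviewed here.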