Mibew/mibew
1
0
Fork 0
mirror of https://github.com/Mibew/mibew.git synced 2025-02-12 02:21:09 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Switch to a more secure method for generation of the CSRF token

Browse Source
This commit is contained in:
Fedor A. Fetisov 2013-09-13 19:53:20 +04:00
parent 2334a0ed0a
commit d7c18215c5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/messenger/webim/libs/common.php
View File

@ -755,7 +755,7 @@ function print_csrf_token_in_url()
function setcsrftoken() function setcsrftoken()
{ {
if (!isset($_SESSION['csrf_token'])) { if (!isset($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = sha1(rand(10000000, 99999999)); $_SESSION['csrf_token'] = sha1(session_id() . (function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(32) : (time() + microtime()) . mt_rand(0, 99999999)));
} }
} }