Update token methods to ensure the CSRF token is always set

YuFei Zhu 2012-05-01 13:18:42 +01:00
parent e3b8848f78
commit 7f8b2fca89


@ -690,10 +690,7 @@ function jspath()
/* authorization token check for CSRF attack */ /* authorization token check for CSRF attack */
function csrfchecktoken(){ function csrfchecktoken(){
/* if auth token not set, set it now */ setcsrftoken();
if(!isset($_SESSION['csrf_token'])){
$_SESSION['csrf_token']=sha1(rand(10000000,99999999));
}
// check the turing code for post requests and del requests // check the turing code for post requests and del requests
if ($_SERVER['REQUEST_METHOD'] == 'POST'){ if ($_SERVER['REQUEST_METHOD'] == 'POST'){
@ -712,12 +709,23 @@ function csrfchecktoken(){
/* print csrf token as a hidden field*/ /* print csrf token as a hidden field*/
function print_csrf_token_input(){ function print_csrf_token_input(){
setcsrftoken();
echo "<input name='csrf_token' type='hidden' value='".$_SESSION['csrf_token']."' />"; echo "<input name='csrf_token' type='hidden' value='".$_SESSION['csrf_token']."' />";
} }
/* print csrf token in url format */ /* print csrf token in url format */
function print_csrf_token_in_url(){ function print_csrf_token_in_url(){
setcsrftoken();
echo "&amp;csrf_token=".$_SESSION['csrf_token']; echo "&amp;csrf_token=".$_SESSION['csrf_token'];
} }
/* set csrf token */
function setcsrftoken(){
if(!isset($_SESSION['csrf_token'])){
$_SESSION['csrf_token']=sha1(rand(10000000,99999999));
}
}
?> ?>
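Review bot: The new `setcsrftoken()` still derives the token from `sha1(rand(10000000,99999999))`, so there are at most 90 million possible tokens and they come from a generator that is not cryptographically secure; hashing the value does not add entropy. Since this commit makes the helper the single place where the token is created, this is the right spot to switch to a CSPRNG, e.g. `$_SESSION['csrf_token'] = bin2hex(random_bytes(32));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(32))` on older runtimes. The comparison of the submitted token in `csrfchecktoken()` lies outside the visible hunk; if it uses `==` or `!=`, a constant-time check such as `hash_equals()` would be preferable. Separately, `print_csrf_token_in_url()` places the token in the query string, where it can end up in server logs and Referer headers, so it is worth documenting in its comment that the hidden-field form should be preferred wherever a POST is possible.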