mirror of
https://github.com/RaspAP/raspap-webgui.git
synced 2024-11-25 09:00:25 +00:00
generate only one csrf token per session
some pages issue xhr which lead to new tokens in the session and a future check is garuanteed to fail.
This commit is contained in:
parent
df81ce2a07
commit
20d9e919c3
1 changed files with 3 additions and 1 deletions
|
@ -59,7 +59,9 @@ function safefilerewrite($fileName, $dataToSave)
|
|||
*/
|
||||
function ensureCSRFSessionToken()
|
||||
{
|
||||
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
||||
if (empty($_SESSION['csrf_token'])) {
|
||||
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in a new issue