beenull/raspap-webgui-mirror
1
0
Fork 0
mirror of https://github.com/RaspAP/raspap-webgui.git synced 2024-11-22 07:30:23 +00:00
Code Issues Projects Releases Packages Wiki Activity

mcrypt_create_iv is deprecated, openssl_random_pseudo_bytes

Browse source 
depends on openssl. php7 has the platform-independent
`random_bytes` to generate "cryptographically secure"
random data. use that for csrf token.
This commit is contained in:
glaszig 2019-07-30 20:14:37 +02:00
parent 490cb14acd
commit 7898dc24c8
1 changed files with 1 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
includes/functions.php
View file

@ -60,11 +60,7 @@ function safefilerewrite($fileName, $dataToSave)
function ensureCSRFSessionToken()
{
if (empty($_SESSION['csrf_token'])) {
if (function_exists('mcrypt_create_iv')) {
$_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
} else {
$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
}
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
}