mirror of
https://github.com/RaspAP/raspap-webgui.git
synced 2024-11-21 23:20:22 +00:00
move csrf token initialization into function
This commit is contained in:
parent
d53517a34a
commit
b9e9b7fe39
2 changed files with 15 additions and 7 deletions
|
@ -54,6 +54,20 @@ function safefilerewrite($fileName, $dataToSave)
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Saves a CSRF token in the session
|
||||
*/
|
||||
function ensureCSRFSessionToken()
|
||||
{
|
||||
if (empty($_SESSION['csrf_token'])) {
|
||||
if (function_exists('mcrypt_create_iv')) {
|
||||
$_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
|
||||
} else {
|
||||
$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* Add CSRF Token to form
|
||||
|
|
|
@ -43,13 +43,7 @@ if (csrfValidateRequest() && !CSRFValidate()) {
|
|||
handleInvalidCSRFToken();
|
||||
}
|
||||
|
||||
if (empty($_SESSION['csrf_token'])) {
|
||||
if (function_exists('mcrypt_create_iv')) {
|
||||
$_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
|
||||
} else {
|
||||
$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
}
|
||||
}
|
||||
ensureCSRFSessionToken();
|
||||
|
||||
if (!isset($_COOKIE['theme'])) {
|
||||
$theme = "custom.css";
|
||||
|
|
Loading…
Reference in a new issue