beenull/raspap-webgui-mirror
1
0
Fork 0
mirror of https://github.com/RaspAP/raspap-webgui.git synced 2024-11-22 07:30:23 +00:00
Code Issues Projects Releases Packages Wiki Activity

move csrf token initialization into function

Browse source
This commit is contained in:
glaszig 2019-07-30 17:38:33 +02:00
parent d53517a34a
commit b9e9b7fe39
2 changed files with 15 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
includes/functions.php
View file

@ -54,6 +54,20 @@ function safefilerewrite($fileName, $dataToSave)
} }
} }
/**
* Saves a CSRF token in the session
*/
function ensureCSRFSessionToken()
{
if (empty($_SESSION['csrf_token'])) {
if (function_exists('mcrypt_create_iv')) {
$_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
} else {
$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
}
}
}
/** /**
* *
* Add CSRF Token to form * Add CSRF Token to form

8
index.php
View file

@ -43,13 +43,7 @@ if (csrfValidateRequest() && !CSRFValidate()) {
handleInvalidCSRFToken(); handleInvalidCSRFToken();
} }
if (empty($_SESSION['csrf_token'])) { ensureCSRFSessionToken();
if (function_exists('mcrypt_create_iv')) {
$_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
} else {
$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
}
}
if (!isset($_COOKIE['theme'])) { if (!isset($_COOKIE['theme'])) {
$theme = "custom.css"; $theme = "custom.css";