From 2d52e0760fc4abad60a6e9d2f02a396dd317391b Mon Sep 17 00:00:00 2001
From: jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Date: Sat, 21 Nov 2009 08:59:03 +0000
Subject: [PATCH] Don't trust user token

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1249 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---
 adminer/include/auth.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 6049ac8c..ff35f694 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -60,5 +60,5 @@ if (is_string($connection) || !$adminer->login($username, $_SESSION["passwords"]
 unset($username);
 
 if (!$_SESSION["tokens"][$_GET["server"]]) {
-	$_SESSION["tokens"][$_GET["server"]] = (isset($_POST["server"]) && $_POST["token"] ? $_POST["token"] : rand(1, 1e6)); // defense against cross-site request forgery
+	$_SESSION["tokens"][$_GET["server"]] = rand(1, 1e6); // defense against cross-site request forgery
 }