mirror of
https://github.com/RaspAP/raspap-webgui.git
synced 2024-09-19 19:31:17 +00:00
generate only one csrf token per session
some pages issue xhr which lead to new tokens in the session and a future check is garuanteed to fail.
This commit is contained in:
parent
df81ce2a07
commit
20d9e919c3
|
@ -59,7 +59,9 @@ function safefilerewrite($fileName, $dataToSave)
|
||||||
*/
|
*/
|
||||||
function ensureCSRFSessionToken()
|
function ensureCSRFSessionToken()
|
||||||
{
|
{
|
||||||
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
if (empty($_SESSION['csrf_token'])) {
|
||||||
|
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in a new issue