github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-21 05:44:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix cryptographically insecure CSRF tokens

Browse source
This commit is contained in:
Arinerron 2017-04-05 16:16:01 -07:00 committed by GitHub
commit 2f5c7a10b7
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
web/login/index.php
View file

@ -126,7 +126,7 @@ if (empty($_SESSION['language'])) {
}
// Generate CSRF token
$_SESSION['token'] = md5(uniqid(mt_rand(), true));
$_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(16)); // generate 32-character cryptographically secure token
require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$_SESSION['language'].'.php');
require_once('../templates/header.html');