github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-19 21:04:06 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix for "Broken or Risky Cryptographic Algorithm"

Browse source
This commit is contained in:
Anton Reutov 2021-08-16 14:56:37 +03:00 committed by GitHub
commit 2fc0dc34fe
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
web/inc/main.php
View file

@ -58,9 +58,10 @@ if ((!isset($_SESSION['user'])) && (!defined('NO_AUTH_REQUIRED'))) {
exit; exit;
} }
// Generate CSRF Token
if (isset($_SESSION['user'])) { if (isset($_SESSION['user'])) {
if(!isset($_SESSION['token'])){ if (!isset($_SESSION['token'])){
$token = uniqid(mt_rand(), true); $token = bin2hex(file_get_contents('/dev/urandom', false, null, 0, 16));
$_SESSION['token'] = $token; $_SESSION['token'] = $token;
} }
} }