
move csrf token initialization into function

pull/356/head
glaszig 3 years ago
parent
commit
b9e9b7fe39
  1. 14
      includes/functions.php
  2. 8
      index.php

14
includes/functions.php

@ -54,6 +54,20 @@ function safefilerewrite($fileName, $dataToSave)
}
}
/**
* Saves a CSRF token in the session
*/
function ensureCSRFSessionToken()
{
if (empty($_SESSION['csrf_token'])) {
if (function_exists('mcrypt_create_iv')) {
$_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
} else {
$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
}
}
}
/**
*
* Add CSRF Token to form
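Review bot: ensureCSRFSessionToken() still tries `mcrypt_create_iv` first, which was deprecated in PHP 7.1 and removed from core in 7.2, and the fallback stores the result of `openssl_random_pseudo_bytes(32)` without checking it. Before PHP 7.4 that call can return false, and `bin2hex()` would then produce an empty string, leaving the session with an empty token. Now that generation lives in one function, prefer the PHP 7+ CSPRNG when it exists: `if (function_exists('random_bytes')) { $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); }`. In the OpenSSL branch, pass the by-reference strong-result argument and do not store a token when the bytes are false or the flag is false. The docblock could also state that a token is created only when the session does not already hold one.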

8
index.php

@ -43,13 +43,7 @@ if (csrfValidateRequest() && !CSRFValidate()) {
handleInvalidCSRFToken();
}
if (empty($_SESSION['csrf_token'])) {
if (function_exists('mcrypt_create_iv')) {
$_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
} else {
$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
}
}
ensureCSRFSessionToken();
if (!isset($_COOKIE['theme'])) {
$theme = "custom.css";
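Review bot: The call to `ensureCSRFSessionToken()` sits after the `csrfValidateRequest() && !CSRFValidate()` check, so a request on a fresh session is validated before any token exists. CSRFValidate() is not visible in this hunk, so it is worth confirming that it rejects a missing or empty `$_SESSION['csrf_token']` rather than comparing it with an equally empty submitted value. If the order is intentional, a comment above the call would record it, for example `// Token is created after validation; CSRFValidate() must reject requests when the session has no token yet.` The `if (!isset($_COOKIE['theme']))` block continues past the end of the hunk.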
