
Commit 2f5c7a1

authored
Fix cryptographically insecure CSRF tokens
1 parent 2a27966 commit 2f5c7a1


1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

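--- a/web/login/index.php
+++ b/web/login/index.php
@@ -126,7 +126,7 @@
 }
 
 // Generate CSRF token
-$_SESSION['token'] = md5(uniqid(mt_rand(), true));
+$_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(16)); // generate 32-character cryptographically secure token
 
 require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$_SESSION['language'].'.php');
 require_once('../templates/header.html');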
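Review bot: The added line does not check the result of `openssl_random_pseudo_bytes(16)`: on PHP 5.x the function may fall back to a non-cryptographic source unless the `$crypto_strong` out-parameter is inspected, and on PHP 7.x it returns `false` on failure, which `bin2hex()` quietly turns into an empty token. If the project runs on PHP 7.0 or later, `random_bytes()` is the simpler choice because it is always a CSPRNG and throws instead of degrading: `$_SESSION['token'] = bin2hex(random_bytes(16)); // 32 hex chars, CSPRNG-backed`. Wherever this token is later compared against the submitted form value (not visible in this hunk), the comparison should be `hash_equals($_SESSION['token'], $submitted)` rather than `==`/`===`. The enclosing block that closes at the `}` above begins outside the hunk.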
