
Commit 94e8e58

committed
Patch insecure CSRF token crypto vulnerability.
1 parent cc2a987 commit 94e8e58


1 file changed

+2
-1
lines changed


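--- a/web/inc/main.php
+++ b/web/inc/main.php
@@ -58,9 +58,10 @@
 exit;
 }
 
+// Generate CSRF Token
 if (isset($_SESSION['user'])) {
 if(!isset($_SESSION['token'])){
-$token = uniqid(mt_rand(), true);
+$token = bin2hex(file_get_contents('/dev/urandom', false, null, 0, 16));
 $_SESSION['token'] = $token;
 }
 }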
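Review bot: The new `file_get_contents('/dev/urandom', ...)` call on line 64 has no failure check, so if the read fails (the device is unavailable in a chroot or restricted by open_basedir, or a non-Unix host) it returns `false`, `bin2hex` turns that into an empty string, and an empty value is stored as the session's CSRF token, which any later equality check may accept. Fail closed instead: `$raw = file_get_contents('/dev/urandom', false, null, 0, 16);` / `if ($raw === false || strlen($raw) !== 16) { exit; } // never store an empty or short token` / `$token = bin2hex($raw);`. If the project targets PHP 7.0 or later (not visible from this hunk), `random_bytes(16)` gives the same 16 bytes and throws on failure, which removes the need for the manual check. The `// Generate CSRF Token` comment could also note that the token is tied to the logged-in session and regenerated only when absent, which is the property the later verification relies on.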
