Fix cryptographically insecure CSRF token bug

Arinerron · web-flow · commit cb7168f5362c · 2017-04-05T16:18:44.000-07:00
diff --git a/web/inc/main.php b/web/inc/main.php
@@ -59,10 +59,10 @@
     exit;
 }
 
+// Generate CSRF token
 if (isset($_SESSION['user'])) {
     if(!isset($_SESSION['token'])){
-        $token = uniqid(mt_rand(), true);
-        $_SESSION['token'] = $token;
+        $_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(16));
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -59,10 +59,10 @@`
`59`	`59`	`exit;`
`60`	`60`	`}`
`61`	`61`
	`62`	`+// Generate CSRF token`
`62`	`63`	`if (isset($_SESSION['user'])) {`
`63`	`64`	`if(!isset($_SESSION['token'])){`
`64`		`- $token = uniqid(mt_rand(), true);`
`65`		`- $_SESSION['token'] = $token;`
	`65`	`+ $_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(16));`
`66`	`66`	`}`
`67`	`67`	`}`
`68`	`68`