From a1f5a6ec17896a7f3042ebfd8aae8c09d41f912d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20SAUVAGE?=
Date: Thu, 28 Feb 2013 09:19:00 +0100
Subject: [PATCH] Improved token security ...by adding salt. These token are used in form which act on data to prevent CSRF attacks. This closes issue https://github.com/sebsauvage/Shaarli/issues/24
---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.php b/index.php
index 4068272..0bdb6d8 100644
--- a/index.php
+++ b/index.php
@@ -576,7 +576,7 @@ if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are atta
 // Returns a token.
 function getToken()
 {
- $rnd = sha1(uniqid('',true).'_'.mt_rand()); // We generate a random string.
+ $rnd = sha1(uniqid('',true).'_'.mt_rand().$GLOBALS['salt']); // We generate a random string.
 $_SESSION['tokens'][$rnd]=1; // Store it on the server side.
 return $rnd;
 }
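Review bot: The added line reads `$GLOBALS['salt']` with no check that it is set, so if the salt is not initialised before getToken() runs (its definition is outside this hunk) PHP only emits an undefined-index notice and the concatenation silently degrades to the old salt-less token, with no visible error. A guard such as `if (!isset($GLOBALS['salt']) || $GLOBALS['salt'] === '') { die('CSRF salt is not configured.'); }` at the top of the function would make that misconfiguration fail closed rather than quietly. Since `uniqid()` and `mt_rand()` are not cryptographic sources, the token's unpredictability now rests largely on the salt; the `// Returns a token.` comment should say so, e.g. `// Returns a CSRF token; requires $GLOBALS['salt'] to be an unpredictable per-install secret set before this is called.` The trailing `// We generate a random string.` is now misleading and is better read as "random string mixed with the per-install salt".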