Knah-Tsaeb/Shaarlet
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Improved token security

Browse source 
...by adding salt. These token are used in form which act on data to
prevent CSRF attacks.
This closes issue https://github.com/sebsauvage/Shaarli/issues/24
This commit is contained in:
Sébastien SAUVAGE 2013-02-28 09:19:00 +01:00
parent 9e8209064d
commit a1f5a6ec17
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
index.php
View file

@ -576,7 +576,7 @@ if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are atta
// Returns a token.
function getToken()
{
$rnd = sha1(uniqid('',true).'_'.mt_rand()); // We generate a random string.
$rnd = sha1(uniqid('',true).'_'.mt_rand().$GLOBALS['salt']); // We generate a random string.
$_SESSION['tokens'][$rnd]=1; // Store it on the server side.
return $rnd;
}