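--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -58,9 +58,10 @@ if ((!isset($_SESSION['user'])) && (!defined('NO_AUTH_REQUIRED'))) {
 exit;
 }
 }
+// Generate CSRF Token
 if (isset($_SESSION['user'])) {
- if(!isset($_SESSION['token'])){
- $token = uniqid(mt_rand(), true);
+ if (!isset($_SESSION['token'])){
+ $token = bin2hex(file_get_contents('/dev/urandom', false, null, 0, 16));
 $_SESSION['token'] = $token;
 }
 }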
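Review bot: The new token line treats `file_get_contents('/dev/urandom', false, null, 0, 16)` as infallible, but it returns false (or fewer than 16 bytes) when the device is missing, blocked by open_basedir, or the process is chrooted, and `bin2hex(false)` then silently stores an empty string as the session's CSRF token. If the project runs on PHP 7 or later, `$token = bin2hex(random_bytes(16));` reads the OS CSPRNG through the engine and throws on failure instead of degrading; if older versions must be supported, the read should at least be assigned to a variable and checked with `if ($bytes === false || strlen($bytes) !== 16) { trigger_error('CSRF token generation failed', E_USER_ERROR); }` before bin2hex. A short comment above the assignment, `// 128-bit CSRF token from the OS CSPRNG; must never fall back to a predictable source`, would record why uniqid()/mt_rand() was replaced. The rewritten condition `if (!isset($_SESSION['token'])){` still lacks a space before the brace, unlike the surrounding ifs. The `if (isset($_SESSION['user']))` block is fully inside the hunk; the file context before line 58 is not visible.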