author | Simon Rettberg | 2016-05-19 15:46:30 +0200 |
---|---|---|
committer | Simon Rettberg | 2016-05-19 15:46:30 +0200 |
commit | bc959df0c9df3fdf250fb93ef30dbb81cbd848c7 (patch) | |
tree | 15344f7f9db92c4a9698015af5ca2fa0f03dec5d /inc/session.inc.php | |
parent | [baseconfig] Remove pointless TODO (diff) | |
Fix CSRF token checking; improve token/sid generation
Diffstat (limited to 'inc/session.inc.php')
-rw-r--r-- | inc/session.inc.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/inc/session.inc.php b/inc/session.inc.php
index b4299e06..26effa3f 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -11,11 +11,11 @@ class Session
 private static $sid = false;
 private static $data = false;
- private static function generateSessionId()
+ private static function generateSessionId($salt)
 {
 if (self::$sid !== false) Util::traceError('Error: Asked to generate session id when already set.');
- self::$sid = sha1(
- mt_rand(0, 65535)
+ self::$sid = sha1($salt . ','
+ . mt_rand(0, 65535)
 . $_SERVER['REMOTE_ADDR']
 . mt_rand(0, 65535)
 . $_SERVER['REMOTE_PORT']
@@ -27,9 +27,9 @@ class Session
 );
 }
- public static function create()
+ public static function create($salt = '')
 {
- self::generateSessionId();
+ self::generateSessionId($salt);
 self::$data = array();
 }
|
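Review bot: The session id built in `generateSessionId()` is still a SHA-1 over `mt_rand()` output and request values (`REMOTE_ADDR`, `REMOTE_PORT`), none of which is secret or cryptographically unpredictable, so prepending `$salt` only strengthens it if the caller passes a secret, high-entropy value. `create($salt = '')` in the second hunk defaults to an empty string, so any caller that was not updated silently keeps the old id quality. Consider drawing the id from the platform CSPRNG instead, e.g. `self::$sid = bin2hex(random_bytes(20));` on PHP 7+ (or `openssl_random_pseudo_bytes(20)` on older versions), and adding a docblock that states what `$salt` is expected to contain. The `sha1()` call continues past the end of the first hunk, so its remaining inputs are not visible here.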