Don't trust user token

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1249 7c3ca157-0c34-0410-bff1-cbf682f78f5c
2025-08-09 16:17:48 +02:00 · 2009-11-21 08:59:03 +00:00
parent 7d834847d1
commit 2d52e0760f
1 changed files with 1 additions and 1 deletions
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -60,5 +60,5 @@ if (is_string($connection) || !$adminer->login($username, $_SESSION["passwords"]
 unset($username);

 if (!$_SESSION["tokens"][$_GET["server"]]) {
-	$_SESSION["tokens"][$_GET["server"]] = (isset($_POST["server"]) && $_POST["token"] ? $_POST["token"] : rand(1, 1e6)); // defense against cross-site request forgery
+	$_SESSION["tokens"][$_GET["server"]] = rand(1, 1e6); // defense against cross-site request forgery
 }