mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-04-20 20:51:53 +02:00
Code Issues Releases Wiki Activity

Fixes #3437 – e_form::inlineToken() performance

Browse Source 
This "inline token" is generated 30 times in my test, but it's the same
session_id() being hashed. This is wasteful and can be mitigated in two
ways:

* Reducing the time cost like so: return password_hash(session_id(),
PASSWORD_DEFAULT, ['cost' => 04]);
* Storing the hash as an instance variable the first time it's
generated

This commit applies both mitigations.
This commit is contained in:
Nick Liu 2018-09-23 15:32:57 -05:00
parent 9b17485656
commit a374886425
No known key found for this signature in database
GPG Key ID: 1167C5F9C9897637
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
e107_handlers/form_handler.php
View File

@ -67,7 +67,7 @@ class e_form
protected $_tabindex_enabled = true;
protected $_cached_attributes = array();
protected $_field_warnings = array();
protected $_inline_token = null;
/**
* @var user_class
@ -4420,7 +4420,9 @@ class e_form
*/
private function inlineToken()
{
return password_hash(session_id(), PASSWORD_DEFAULT);
$this->_inline_token = $this->_inline_token ?:
password_hash(session_id(), PASSWORD_DEFAULT, ['cost' => 04]);
return $this->_inline_token;
}
/**