mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-03 13:17:24 +02:00
Code Issues Releases Wiki Activity

Fixes #3437 – e_form::inlineToken() performance

Browse Source 
This "inline token" is generated 30 times in my test, but it's the same
session_id() being hashed. This is wasteful and can be mitigated in two
ways:

* Reducing the time cost like so: return password_hash(session_id(),
PASSWORD_DEFAULT, ['cost' => 04]);
* Storing the hash as an instance variable the first time it's
generated

This commit applies both mitigations.
This commit is contained in:
Nick Liu
2018-09-23 15:32:57 -05:00
parent 9b17485656
commit a374886425
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
e107_handlers/form_handler.php
View File

@@ -67,7 +67,7 @@ class e_form
protected $_tabindex_enabled = true; protected $_tabindex_enabled = true;
protected $_cached_attributes = array(); protected $_cached_attributes = array();
protected $_field_warnings = array(); protected $_field_warnings = array();
protected $_inline_token = null;
/** /**
* @var user_class * @var user_class
@@ -4420,7 +4420,9 @@ class e_form
*/ */
private function inlineToken() private function inlineToken()
{ {
return password_hash(session_id(), PASSWORD_DEFAULT); $this->_inline_token = $this->_inline_token ?:
password_hash(session_id(), PASSWORD_DEFAULT, ['cost' => 04]);
return $this->_inline_token;
} }
/** /**