mirror/processwire
1
0
Fork 0
mirror of https://github.com/processwire/processwire.git synced 2025-08-18 04:22:10 +02:00
Code Issues Releases Wiki Activity

Update SessionCSRF to use more purpose-specific WireRandom class rather than Password class for random string generation

Browse Source
This commit is contained in:
Ryan Cramer
2019-04-05 15:01:49 -04:00
parent c58d00863a
commit d4ca0d6e45
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
wire/core/SessionCSRF.php
View File

@@ -70,8 +70,8 @@ class SessionCSRF extends Wire {
$tokenValue = $this->session->get($this, $tokenName); $tokenValue = $this->session->get($this, $tokenName);
if(empty($tokenValue)) { if(empty($tokenValue)) {
// $tokenValue = md5($this->page->path() . mt_rand() . microtime()) . md5($this->page->name . $this->config->userAuthSalt . mt_rand()); // $tokenValue = md5($this->page->path() . mt_rand() . microtime()) . md5($this->page->name . $this->config->userAuthSalt . mt_rand());
$pass = $this->wire(new Password()); $rand = new WireRandom();
$tokenValue = $pass->randomBase64String(32); $tokenValue = $rand->base64(32);
$this->session->set($this, $tokenName, $tokenValue); $this->session->set($this, $tokenName, $tokenValue);
} }
return $tokenValue; return $tokenValue;