improve csrf token generation

orthagh · trasher · commit 039c184cba0f · 2020-05-05T14:13:16.000+02:00
diff --git a/inc/session.class.php b/inc/session.class.php
@@ -1138,7 +1138,7 @@ static public function getNewCSRFToken() {
 
       if (empty($CURRENTCSRFTOKEN)) {
          do {
-            $CURRENTCSRFTOKEN = md5(uniqid(rand(), true));
+            $CURRENTCSRFTOKEN = bin2hex(random_bytes(32));
          } while ($CURRENTCSRFTOKEN == '');
       }
 

Original file line number	Diff line number	Diff line change
`@@ -1138,7 +1138,7 @@ static public function getNewCSRFToken() {`
`1138`	`1138`
`1139`	`1139`	`if (empty($CURRENTCSRFTOKEN)) {`
`1140`	`1140`	`do {`
`1141`		`- $CURRENTCSRFTOKEN = md5(uniqid(rand(), true));`
	`1141`	`+ $CURRENTCSRFTOKEN = bin2hex(random_bytes(32));`
`1142`	`1142`	`} while ($CURRENTCSRFTOKEN == '');`
`1143`	`1143`	`}`
`1144`	`1144`