mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-19 19:22:14 +02:00
see https://github.com/postfixadmin/postfixadmin/issues/523 - improve randomness when creating the PFA_token field; reported by @michaellrowley via huntr.dev.
This commit is contained in:
parent
99a549c2e3
commit
25ac89f6a7
@ -108,7 +108,8 @@ function init_session($username, $is_admin = false)
|
||||
$_SESSION['sessid']['roles'] = array();
|
||||
$_SESSION['sessid']['roles'][] = $is_admin ? 'admin' : 'user';
|
||||
$_SESSION['sessid']['username'] = $username;
|
||||
$_SESSION['PFA_token'] = md5(uniqid("", true));
|
||||
|
||||
$_SESSION['PFA_token'] = md5(random_bytes(8) . uniqid('pfa', true));
|
||||
|
||||
return $status;
|
||||
}
|
||||
|
@ -70,8 +70,7 @@ session_start();
|
||||
if ($error) {
|
||||
flash_error($error);
|
||||
}
|
||||
|
||||
$_SESSION['PFA_token'] = md5(uniqid('pfa' . rand(), true));
|
||||
$_SESSION['PFA_token'] = md5(random_bytes(8) . uniqid('pfa', true));
|
||||
|
||||
$smarty->assign('language_selector', language_selector(), false);
|
||||
$smarty->assign('smarty_template', 'login');
|
||||
|
Loading…
Reference in New Issue
Block a user