Fix for "Broken or Risky Cryptographic Algorithm"

2026-01-26 09:09:29 +01:00 · 2021-08-16 14:56:37 +03:00
parent 6fdfef4e88
commit 2fc0dc34fe
1 changed files with 3 additions and 2 deletions
--- a/web/inc/main.php
+++ b/web/inc/main.php
@@ -58,9 +58,10 @@ if ((!isset($_SESSION['user'])) && (!defined('NO_AUTH_REQUIRED'))) {
    exit;
 }

+// Generate CSRF Token
 if (isset($_SESSION['user'])) {
-    if(!isset($_SESSION['token'])){
-        $token = uniqid(mt_rand(), true);
+        if (!isset($_SESSION['token'])){
+        $token = bin2hex(file_get_contents('/dev/urandom', false, null, 0, 16));
        $_SESSION['token'] = $token;
    }
 }