Protect CSRF token against BREACH

Jakub Vrana
2013-10-24 19:10:50 -07:00
parent 31abc08df8
commit a564bba261
6 changed files with 28 additions and 11 deletions


@@ -1124,6 +1124,22 @@ var timeout = setTimeout(function () {
return array_keys($return);
}
/** Generate BREACH resistant CSRF token
* @return string
*/
function get_token() {
$rand = rand(1, 1e6);
return ($rand ^ $_SESSION["token"]) . ":$rand";
}
/** Verify if supplied CSRF token is valid
* @return bool
*/
function verify_token() {
list($token, $rand) = explode(":", $_POST["token"]);
return ($rand ^ $_SESSION["token"]) == $token;
}
// used in compiled version
function lzw_decompress($binary) {
// convert binary string to codes
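Review bot: verify_token() passes `$_POST["token"]` straight to `explode()` and compares with loose `==`, so a missing field, an array value or a value without a `:` reaches the XOR with `$rand` unset, and nothing in the hunk makes the check fail closed when `$_SESSION["token"]` is empty. A guard before the `explode()` such as `if (!isset($_POST["token"], $_SESSION["token"]) || !is_string($_POST["token"])) return false;` would cover those cases, and the comparison can be made strict with `return (string) ((int) $rand ^ (int) $_SESSION["token"]) === $token;`. The int casts also matter because `$rand` is a string here while get_token() XORs an integer; if the session token is ever stored as a string (its assignment is not visible in this hunk), PHP would XOR the two strings byte-wise and the result would not match what get_token() issued. Separately, `rand(1, 1e6)` draws a mask of about 20 bits from a non-cryptographic generator, so a short comment on get_token() stating that the mask only varies the token per response and is not itself a secret would help the next reader.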