public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-15 22:05:56 +00:00
Code Issues Releases Wiki Activity

experimental CSRF protection

Browse Source
This commit is contained in:
Andrew Dolgov
2011-12-26 12:02:52 +04:00
parent 036cd3a410
commit 8484ce2258
14 changed files with 106 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
include/functions.php
View File

@@ -721,6 +721,7 @@
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
$_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");
$_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
$_SESSION["uid"]);
@@ -810,6 +811,10 @@
}
}
function validate_csrf($csrf_token) {
return $csrf_token == $_SESSION['csrf_token'];
}
function validate_session($link) {
if (SINGLE_USER_MODE) return true;
@@ -2064,6 +2069,8 @@
$params["collapsed_feedlist"] = (int) get_pref($link, "_COLLAPSED_FEEDLIST");
$params["csrf_token"] = $_SESSION["csrf_token"];
return $params;
}