public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 11:45:56 +00:00
Code Issues Releases Wiki Activity

* use get_random_bytes() for CSRF token

Browse Source 
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
This commit is contained in:
Andrew Dolgov
2020-09-17 08:59:18 +03:00
parent 0757ad0406
commit a817d3794d
2 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/af_proxy_http/init.php
View File

@@ -30,7 +30,7 @@ class Af_Proxy_Http extends Plugin {
$host->add_hook($host::HOOK_PREFS_TAB, $this);
if (!$_SESSION['af_proxy_http_token'])
$_SESSION['af_proxy_http_token'] = uniqid_short();
$_SESSION['af_proxy_http_token'] = bin2hex(get_random_bytes(16));
}
function hook_enclosure_entry($enc) {
@@ -202,7 +202,7 @@ class Af_Proxy_Http extends Plugin {
function hook_prefs_tab($args) {
if ($args != "prefFeeds") return;
print "<div dojoType=\"dijit.layout.AccordionPane\"
print "<div dojoType=\"dijit.layout.AccordionPane\"
title=\"<i class='material-icons'>extension</i> ".__('Image proxy settings (af_proxy_http)')."\">";
print "<form dojoType=\"dijit.form.Form\">";