author | Andrew Dolgov <[email protected]> | 2020-09-17 08:59:18 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2020-09-17 08:59:18 +0300 |
commit | a817d3794d920f4f9280820beea746ab072830cd (patch) | |
tree | 67755df7626389cd5ad3c3dc96cb104cc738db54 /plugins/af_proxy_http | |
parent | 0757ad04066019ec670ef97c07462ef02331cf45 (diff) |
* use get_random_bytes() for CSRF token
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
Diffstat (limited to 'plugins/af_proxy_http')
-rw-r--r-- | plugins/af_proxy_http/init.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/af_proxy_http/init.php b/plugins/af_proxy_http/init.php
index 0a8e88677..7cb9355f3 100644
--- a/plugins/af_proxy_http/init.php
+++ b/plugins/af_proxy_http/init.php
@@ -30,7 +30,7 @@ class Af_Proxy_Http extends Plugin {
 $host->add_hook($host::HOOK_PREFS_TAB, $this);
 if (!$_SESSION['af_proxy_http_token'])
- $_SESSION['af_proxy_http_token'] = uniqid_short();
+ $_SESSION['af_proxy_http_token'] = bin2hex(get_random_bytes(16));
 }
 function hook_enclosure_entry($enc) {
@@ -202,7 +202,7 @@ class Af_Proxy_Http extends Plugin {
 function hook_prefs_tab($args) {
 if ($args != "prefFeeds") return;
- print "<div dojoType=\"dijit.layout.AccordionPane\"
+ print "<div dojoType=\"dijit.layout.AccordionPane\"
 title=\"<i class='material-icons'>extension</i> ".__('Image proxy settings (af_proxy_http)')."\">";
 print "<form dojoType=\"dijit.form.Form\">";
|
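Review bot: The guard `if (!$_SESSION['af_proxy_http_token'])` in the first hunk only fills a missing token, so a session that already holds a value from `uniqid_short()` keeps it until the session ends; it also reads an array key that may be unset. If old tokens are meant to be retired, the condition could become `if (empty($_SESSION['af_proxy_http_token']) || strlen($_SESSION['af_proxy_http_token']) != 32)`, matching the 32 hex characters that `bin2hex(get_random_bytes(16))` yields (this assumes `uniqid_short()` values have a different length, and that replacing a live token does not break URLs already rendered with it). The place where this token is compared against the request value is not part of this diff, so it is worth confirming that it uses `hash_equals()` as the commit message describes for the CSRF token, and that the fallback inside `get_random_bytes()` (not shown here) is acceptable when `random_bytes()` is unavailable. The enclosing function starts above the hunk.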