Diffstat (limited to 'include/functions.php')
-rw-r--r--include/functions.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/include/functions.php b/include/functions.php
index e561d8e3d..ed28fd257 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -721,6 +721,7 @@
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
$_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");
+ $_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
$_SESSION["uid"]);
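Review bot: The token on the added line is built from `rand()` and `uniqid()`, neither of which is a cryptographically secure source; `uniqid()` is derived from the current time, `rand()` is a general-purpose PRNG, and passing the result through `sha1()` adds no entropy. A CSRF token should come from the platform CSPRNG, for example `$_SESSION["csrf_token"] = bin2hex(random_bytes(32));` on PHP 7+, or `openssl_random_pseudo_bytes()` on older runtimes. The enclosing login function starts and ends outside the hunk, so it is not visible whether every login path (single-user mode, for instance) reaches this assignment.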
@@ -810,6 +811,10 @@
}
}
+ function validate_csrf($csrf_token) {
+ return $csrf_token == $_SESSION['csrf_token'];
+ }
+
function validate_session($link) {
if (SINGLE_USER_MODE) return true;
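Review bot: `validate_csrf()` compares with loose `==`, so when `$_SESSION['csrf_token']` is unset (a session created before this change, or a path that never ran the login assignment) a missing or empty submitted token compares equal to null and the check passes. Require a non-empty string and compare strictly, e.g. `return isset($_SESSION['csrf_token']) && is_string($csrf_token) && $csrf_token !== '' && hash_equals($_SESSION['csrf_token'], $csrf_token);` (`hash_equals()` needs PHP 5.6+; `===` is the fallback on older versions). The same unset case applies to the `$params["csrf_token"]` assignment in the last hunk, which would hand the client a null token. No call sites of `validate_csrf()` appear in this diff, so it is worth confirming that the state-changing handlers actually invoke it.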
@@ -2064,6 +2069,8 @@
$params["collapsed_feedlist"] = (int) get_pref($link, "_COLLAPSED_FEEDLIST");
+ $params["csrf_token"] = $_SESSION["csrf_token"];
+
return $params;
}