Changeset 751
- Timestamp:
- Oct 14, 2021 10:54:00 PM (3 years ago)
- File:
-
- 1 edited
trunk/lib/App.inc.php
r747 r751 95 95 'csrf_token_enabled' => true, 96 96 // Form tokens will expire after this duration, in seconds. 97 'csrf_token_timeout' => 259200, // 259200 seconds = 3 days.97 'csrf_token_timeout' => 86400, // 86400 seconds = 24 hours. 98 98 'csrf_token_name' => 'csrf_token', 99 99 … … 1407 1407 * 1408 1408 * @access public 1409 * @param bool $force_new_token Generate a new token, replacing any existing token in the session (used by $app->resetCSRFToken()) 1409 1410 * @return string The new or current csrf_token 1410 1411 * @author Quinn Comendant <quinn@strangecode.com> … … 1412 1413 * @since 15 Nov 2014 17:57:17 1413 1414 */ 1414 public function getCSRFToken( )1415 { 1416 if ( !isset($_SESSION['_app'][$this->_ns]['csrf_token']) || (removeSignature($_SESSION['_app'][$this->_ns]['csrf_token']) + $this->getParam('csrf_token_timeout') < time())) {1415 public function getCSRFToken($force_new_token=false) 1416 { 1417 if ($force_new_token || !isset($_SESSION['_app'][$this->_ns]['csrf_token']) || (removeSignature($_SESSION['_app'][$this->_ns]['csrf_token']) + $this->getParam('csrf_token_timeout') < time())) { 1417 1418 // No token, or token is expired; generate one and return it. 1418 1419 return $_SESSION['_app'][$this->_ns]['csrf_token'] = addSignature(time(), null, 64); … … 1420 1421 // Current token is not expired; return it. 1421 1422 return $_SESSION['_app'][$this->_ns]['csrf_token']; 1423 } 1424 1425 /* 1426 * Generate a new token, replacing any existing token in the session. Call this function after $app->requireValidCSRFToken() for a new token to be required for each request. 1427 * 1428 * @access public 1429 * @author Quinn Comendant <quinn@strangecode.com> 1430 * @since 14 Oct 2021 17:35:19 1431 */ 1432 public function resetCSRFToken() 1433 { 1434 $this->getCSRFToken(true); 1422 1435 } 1423 1436 … … 1427 1440 * @access public 1428 1441 * @param string $user_submitted_csrf_token The user-submitted token to compare with the session token. 
1429 * @param string $csrf_token The token to compare with the session token.1430 1442 * @return bool True if the tokens match, false otherwise. 1431 1443 * @author Quinn Comendant <quinn@strangecode.com>
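Review bot: The docblock on `resetCSRFToken()` promises a new token for each request, but `getCSRFToken(true)` still builds the token with `addSignature(time(), null, 64)`, so the only input that varies is a one-second timestamp. If addSignature() is deterministic for a given input and key (its body is not on this page), two resets within the same second return the same token, and the value carries no per-session randomness. Either state that limit in the docblock, for example `* Note: the token is derived from time(); resets within the same second may yield the same value.`, or carry output of `random_bytes()` alongside the timestamp so the expiry check in `getCSRFToken()` can still read the time. The docblock also opens with `/*` rather than `/**`, so documentation tools will skip it, and it has no `@return void`.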