Changeset 751


Timestamp:
Oct 14, 2021 10:54:00 PM (3 years ago)
Author:
anonymous
Message:

Add resetCSRFToken()

File:
1 edited

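--- a/trunk/lib/App.inc.php
+++ b/trunk/lib/App.inc.php
@@ -95,5 +95,5 @@
         'csrf_token_enabled' => true,
         // Form tokens will expire after this duration, in seconds.
-        'csrf_token_timeout' => 259200, // 259200 seconds = 3 days.
+        'csrf_token_timeout' => 86400, // 86400 seconds = 24 hours.
         'csrf_token_name' => 'csrf_token',
 
@@ -1407,4 +1407,5 @@
     *
     * @access   public
+    * @param    bool    $force_new_token    Generate a new token, replacing any existing token in the session (used by $app->resetCSRFToken())
     * @return   string The new or current csrf_token
     * @author   Quinn Comendant <quinn@strangecode.com>
@@ -1412,7 +1413,7 @@
     * @since    15 Nov 2014 17:57:17
     */
-    public function getCSRFToken()
-    {
-        if (!isset($_SESSION['_app'][$this->_ns]['csrf_token']) || (removeSignature($_SESSION['_app'][$this->_ns]['csrf_token']) + $this->getParam('csrf_token_timeout') < time())) {
+    public function getCSRFToken($force_new_token=false)
+    {
+        if ($force_new_token || !isset($_SESSION['_app'][$this->_ns]['csrf_token']) || (removeSignature($_SESSION['_app'][$this->_ns]['csrf_token']) + $this->getParam('csrf_token_timeout') < time())) {
             // No token, or token is expired; generate one and return it.
             return $_SESSION['_app'][$this->_ns]['csrf_token'] = addSignature(time(), null, 64);
@@ -1420,4 +1421,16 @@
         // Current token is not expired; return it.
         return $_SESSION['_app'][$this->_ns]['csrf_token'];
+    }
+
+    /*
+    * Generate a new token, replacing any existing token in the session. Call this function after $app->requireValidCSRFToken() for a new token to be required for each request.
+    *
+    * @access   public
+    * @author   Quinn Comendant <quinn@strangecode.com>
+    * @since    14 Oct 2021 17:35:19
+    */
+    public function resetCSRFToken()
+    {
+        $this->getCSRFToken(true);
     }
 
@@ -1427,5 +1440,4 @@
     * @access   public
     * @param    string  $user_submitted_csrf_token The user-submitted token to compare with the session token.
-    * @param    string  $csrf_token     The token to compare with the session token.
     * @return   bool    True if the tokens match, false otherwise.
     * @author   Quinn Comendant <quinn@strangecode.com>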
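Review bot: `resetCSRFToken()` may not actually change the token, because the replacement built in `getCSRFToken()` is `addSignature(time(), null, 64)`; if `addSignature` is deterministic for a given payload (which `removeSignature()` recovering the timestamp suggests), a reset in the same second as the previous issue yields the identical string, and the old token stays valid until the clock ticks over. That limit deserves a line in the new `resetCSRFToken()` docblock, e.g. `* Note: tokens are derived from time(), so a reset within the same second as the last issue returns the same token.`, unless the payload is given per-token entropy. Separately, `$force_new_token=false` is untyped, so any truthy value (such as a non-empty string) forces a reset; if the codebase targets PHP 7+, `public function getCSRFToken(bool $force_new_token = false)` pins the contract, and `resetCSRFToken()` could state `@return void`. The closing brace of the `if` block in `getCSRFToken()` sits in context omitted between the shown hunks.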