From 0e96093def5f337bc559f0451a1fd599bc733ee4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?=
 <frederic34@users.noreply.github.com>
Date: Sun, 21 Feb 2021 21:51:26 +0100
Subject: [PATCH] add log for token reclaimed

---
 htdocs/main.inc.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 15dfc85c8d2..c0d19648ab3 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -416,14 +416,16 @@ if ((!empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_VE
 }
 
 // Creation of a token against CSRF vulnerabilities
-if (!defined('NOTOKENRENEWAL'))
-{
+if (!defined('NOTOKENRENEWAL')) {
 	// Rolling token at each call ($_SESSION['token'] contains token of previous page)
-	if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken'];
+	if (isset($_SESSION['newtoken'])) {
+		$_SESSION['token'] = $_SESSION['newtoken'];
+	}
 
 	// Save in $_SESSION['newtoken'] what will be next token. Into forms, we will add param token = $_SESSION['newtoken']
 	$token = dol_hash(uniqid(mt_rand(), true)); // Generates a hash of a random number
 	$_SESSION['newtoken'] = $token;
+	dol_syslog("NEW TOKEN reclaimed by : " . $_SERVER['PHP_SELF'], LOG_INFO);
 }
 
 //dol_syslog("aaaa - ".defined('NOCSRFCHECK')." - ".$dolibarr_nocsrfcheck." - ".$conf->global->MAIN_SECURITY_CSRF_WITH_TOKEN." - ".$_SERVER['REQUEST_METHOD']." - ".GETPOST('token', 'alpha').' '.$_SESSION['token']);