Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Doc

Browse Source
This commit is contained in:
Laurent Destailleur 2022-09-03 18:00:31 +02:00
parent b2131f80db
commit 6c947c9f9e
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/main.inc.php
View File

@ -500,12 +500,12 @@ if (!defined('NOTOKENRENEWAL') && !defined('NOSESSION')) {
}
if (!isset($_SESSION['newtoken']) || getDolGlobalInt('MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL')) {
// Note: Using MAIN_SECURITY_CSRF_TOKEN_RENEWAL_ON_EACH_CALL is not recommended: if a user succeed in entering a data from
// a public page with a link that make a token regeneration, it can make use of the backoffice no more possible !
// Save in $_SESSION['newtoken'] what will be next token. Into forms, we will add param token = $_SESSION['newtoken']
$token = dol_hash(uniqid(mt_rand(), false), 'md5'); // Generates a hash of a random number. We don't need a secured hash, just a changing random value.
$_SESSION['newtoken'] = $token;
dol_syslog("NEW TOKEN generated by : ".$_SERVER['PHP_SELF'], LOG_DEBUG);
// TODO Warning, if a user succeed in entering a data from a public page, he can enter a link that make a token regeneration making
// the use of the backoffice no more possible !
}
}
}