diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2013-05-31 09:25:43 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2013-05-31 09:25:43 +0200 |
| commit | a132f948f22ae344760ee3da82f9f92cf0f18b7b (patch) | |
| tree | abc50c014f2ada35fb95a04befa2436c96fd4fb7 /inc | |
| parent | cdcd66dfc2bcf16e481d10bfa2d3ff1b4d433f99 (diff) | |
| download | rpg-a132f948f22ae344760ee3da82f9f92cf0f18b7b.tar.gz rpg-a132f948f22ae344760ee3da82f9f92cf0f18b7b.tar.bz2 | |
use HMAC for CSRF security tokens FS#2794
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/common.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/inc/common.php b/inc/common.php index e096d8b30..55c5b5ac4 100644 --- a/inc/common.php +++ b/inc/common.php @@ -56,7 +56,7 @@ function stripctl($string) { * @return string */ function getSecurityToken() { - return md5(auth_cookiesalt().session_id().$_SERVER['REMOTE_USER']); + return PassHash::hmac('md5', session_id().$_SERVER['REMOTE_USER'], auth_cookiesalt()); } /** |