From: jakubvrana
Date: Sat, 21 Nov 2009 08:59:03 +0000 (+0000)
Subject: Don't trust user token
X-Git-Tag: v3.0.0~295
X-Git-Url: https://git.joonet.de/?a=commitdiff_plain;h=2d52e0760fc4abad60a6e9d2f02a396dd317391b;p=adminer.git

Don't trust user token

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1249 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---

diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 6049ac8c..ff35f694 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -60,5 +60,5 @@ if (is_string($connection) || !$adminer->login($username, $_SESSION["passwords"]
 unset($username);
 
 if (!$_SESSION["tokens"][$_GET["server"]]) {
- $_SESSION["tokens"][$_GET["server"]] = (isset($_POST["server"]) && $_POST["token"] ? $_POST["token"] : rand(1, 1e6)); // defense against cross-site request forgery
+ $_SESSION["tokens"][$_GET["server"]] = rand(1, 1e6); // defense against cross-site request forgery
 }
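Review bot: The token on the added line still comes from `rand(1, 1e6)`, so it has at most a million possible values and is drawn from a generator that is not cryptographically secure; that is too little entropy for an anti-CSRF secret, even now that the client-supplied value is no longer accepted. Where the runtime provides a CSPRNG, the assignment could become `$_SESSION["tokens"][$_GET["server"]] = bin2hex(random_bytes(16));`. The code that checks the submitted token is outside this hunk, so confirm that it does not expect an integer and that it compares with `hash_equals()` rather than `==`. The trailing comment could also say that the token is generated server-side only and must never be seeded from request data.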