flash/index
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Change CSRFP epoch and check if token is empty.

Browse source
This commit is contained in:
flash 2023-07-11 22:11:56 +00:00
parent 4d92459731
commit 31798a6b53
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
VERSION
View file

@ -1 +1 @@
0.2307.112200
0.2307.112211

4
src/Security/CSRFP.php
View file

@ -12,7 +12,7 @@ use Index\Serialisation\Serialiser;
*/
class CSRFP {
private const TOLERANCE = 30 * 60;
private const EPOCH = 1682985600;
private const EPOCH = 1575158400;
private const HASH_ALGO = 'sha3-256';
private const TIMESTAMP_LENGTH = 4;
@ -74,7 +74,7 @@ class CSRFP {
* @return bool true if the token is valid, false if not.
*/
public function verifyToken(string $token, int $tolerance = -1, int $time = -1): bool {
if($tolerance === 0)
if($tolerance === 0 || empty($token))
return false;
if($tolerance < 0)
$tolerance = $this->tolerance;