flash/index
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Change CSRFP epoch and check if token is empty.

Browse source
This commit is contained in:
flash 2023-07-11 22:11:56 +00:00
parent 4d92459731
commit 31798a6b53
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
VERSION
View file

@ -1 +1 @@
0.2307.112200 0.2307.112211

4
src/Security/CSRFP.php
View file

@ -12,7 +12,7 @@ use Index\Serialisation\Serialiser;
*/ */
class CSRFP { class CSRFP {
private const TOLERANCE = 30 * 60; private const TOLERANCE = 30 * 60;
private const EPOCH = 1682985600; private const EPOCH = 1575158400;
private const HASH_ALGO = 'sha3-256'; private const HASH_ALGO = 'sha3-256';
private const TIMESTAMP_LENGTH = 4; private const TIMESTAMP_LENGTH = 4;
@ -74,7 +74,7 @@ class CSRFP {
* @return bool true if the token is valid, false if not. * @return bool true if the token is valid, false if not.
*/ */
public function verifyToken(string $token, int $tolerance = -1, int $time = -1): bool { public function verifyToken(string $token, int $tolerance = -1, int $time = -1): bool {
if($tolerance === 0) if($tolerance === 0 || empty($token))
return false; return false;
if($tolerance < 0) if($tolerance < 0)
$tolerance = $this->tolerance; $tolerance = $this->tolerance;