Skip to content

O
OpnSense
Commit b78720b8 authored by Franco Fichtner's avatar Franco Fichtner
Browse files
Options

csrf: tweak previous

parent d6411ae0
Show whitespace changes
Inline Side-by-side
Showing with 4 additions and 1 deletion
src/etc/inc/system.inc
View file @ b78720b8
...@@ -963,6 +963,7 @@ function system_webgui_start() ...@@ -963,6 +963,7 @@ function system_webgui_start()
global $config; global $config;
chdir('/usr/local/www'); chdir('/usr/local/www');
@unlink('/usr/local/www/csrf/csrf-secret.php');
/* defaults */ /* defaults */
$portarg = "80"; $portarg = "80";
......
src/etc/rc
View file @ b78720b8
...@@ -183,7 +183,7 @@ echo "done." ...@@ -183,7 +183,7 @@ echo "done."
# let the PHP-based configuration subsystem set up the system now # let the PHP-based configuration subsystem set up the system now
echo -n "Launching the init system..." echo -n "Launching the init system..."
rm -f /usr/local/www/csrf/csrf-secret.php /root/lighttpd* rm -f /root/lighttpd*
touch /var/run/booting touch /var/run/booting
/usr/local/etc/rc.bootup /usr/local/etc/rc.bootup
rm /var/run/booting rm /var/run/booting
......
src/www/csrf/csrf-magic.php
View file @ b78720b8
...@@ -425,6 +425,8 @@ function csrf_get_secret() ...@@ -425,6 +425,8 @@ function csrf_get_secret()
} }
if (is_writable($dir)) { if (is_writable($dir)) {
$secret = csrf_generate_secret(); $secret = csrf_generate_secret();
touch($file);
chmod($file, 0600);
$fh = fopen($file, 'w'); $fh = fopen($file, 'w');
fwrite($fh, '<?php $secret = "'.$secret.'";' . PHP_EOL); fwrite($fh, '<?php $secret = "'.$secret.'";' . PHP_EOL);
fclose($fh); fclose($fh);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023