Diffstat (limited to 'app/classes/CSRF.php')
-rw-r--r-- | app/classes/CSRF.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/classes/CSRF.php b/app/classes/CSRF.php
index 9a700cf..cf9fc1e 100644
--- a/app/classes/CSRF.php
+++ b/app/classes/CSRF.php
@@ -3,7 +3,7 @@ class CSRF
 {
 /** @var string */
- const HMAC_ALGORITHM = 'sha1';
+ const HMAC_ALGORITHM = 'sha256';
 /** @var string */
 const SESSION_KEY_NAME = '_csrf_key';
@@ -48,7 +48,7 @@ class CSRF
 public static function getKey()
 {
 if (empty($_SESSION[self::SESSION_KEY_NAME])) {
- $_SESSION[self::SESSION_KEY_NAME] = random_bytes(16);
+ $_SESSION[self::SESSION_KEY_NAME] = bin2hex(random_bytes(16));
 }
 return $_SESSION[self::SESSION_KEY_NAME];
 } |
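Review bot: The docblock on `HMAC_ALGORITHM` still says only `@var string`, and the move from 'sha1' to 'sha256' has side effects worth recording there. Assuming the constant is passed to `hash_hmac()` (the call site is outside the hunk), tokens issued before deployment will stop verifying and the hex token grows from 40 to 64 characters, so any length check or storage field for the token should be confirmed. I would document it as `/** @var string Algorithm name for hash_hmac(); changing it invalidates outstanding tokens */`. It is also worth confirming that the verifier compares tokens with `hash_equals()`, which this hunk does not show.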
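Review bot: A session that already holds a raw 16-byte key is not migrated, because the `empty()` guard in `getKey()` only writes the hex key when no key exists, so existing sessions keep the binary value until they expire. If the purpose of `bin2hex()` is to keep non-printable bytes out of the session store, the guard should also regenerate a key that is not in the new format, e.g. `$k = $_SESSION[self::SESSION_KEY_NAME] ?? '';` followed by `if (!is_string($k) || strlen($k) !== 32 || !ctype_xdigit($k)) {`. The hex string still carries the 128 bits from `random_bytes(16)`, so key strength is unchanged. Regenerating would invalidate tokens bound to the old key, which the algorithm change in the first hunk presumably does anyway.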