Use Index for CSRF protection tokens.

2023-07-11 22:13:56 +00:00 · 2023-07-11 22:13:56 +00:00 · 163ff95cdf
commit 163ff95cdf
parent 5d62e6e741
2 changed files with 13 additions and 91 deletions
--- a/misuzu.php
+++ b/misuzu.php
@ -214,11 +214,9 @@ if($authToken->isValid()) {
        AuthToken::nukeCookie();
 }

-CSRF::setGlobalSecretKey($cfg->getValue('csrf.secret', IConfig::T_STR, 'soup'));
-CSRF::setGlobalIdentity(
-    UserSession::hasCurrent()
-        ? UserSession::getCurrent()->getToken()
-        : ($_SERVER['REMOTE_ADDR'] ?? '::1')
+CSRF::init(
+    $cfg->getValue('csrf.secret', IConfig::T_STR, 'soup'),
+    (UserSession::hasCurrent() ? UserSession::getCurrent()->getToken() : ($_SERVER['REMOTE_ADDR'] ?? '::1'))
 );

 function mszLockdown(): void {