author | Lukas Reschke <lukas@owncloud.com> | 2015-09-08 21:51:24 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2015-09-08 21:51:24 +0200 |
commit | 8958247b4e13078be9898bc6a5ab86a7c67033d3 (patch) | |
tree | f2abacf0a441c370d9b59256358aca52fb257636 | |
parent | 73d38399624513ffcf5077abb6edfd1c3d3e1c14 (diff) | |
parent | a03422c55afb5fdf3d8527d870a85160e0f95c6a (diff) | |
Merge pull request #18914 from owncloud/generate-requesttoken-only-once
Cache generated result
-rw-r--r-- | lib/private/util.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/private/util.php b/lib/private/util.php index 0fda55496dc..f110d618f77 100644 --- a/lib/private/util.php +++ b/lib/private/util.php @@ -1054,6 +1054,7 @@ class OC_Util { return $id; } + protected static $encryptedToken; /** * Register an get/post call. Important to prevent CSRF attacks. * @@ -1066,6 +1067,11 @@ class OC_Util { * @see OC_Util::isCallRegistered() */ public static function callRegister() { + // Use existing token if function has already been called + if(isset(self::$encryptedToken)) { + return self::$encryptedToken; + } + // Check if a token exists if (!\OC::$server->getSession()->exists('requesttoken')) { // No valid token found, generate a new one. @@ -1078,7 +1084,8 @@ class OC_Util { // Encrypt the token to mitigate breach-like attacks $sharedSecret = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(10); - return \OC::$server->getCrypto()->encrypt($requestToken, $sharedSecret) . ':' . $sharedSecret; + self::$encryptedToken = \OC::$server->getCrypto()->encrypt($requestToken, $sharedSecret) . ':' . $sharedSecret; + return self::$encryptedToken; } /** |
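Review bot: The property added in the first hunk, `protected static $encryptedToken;`, has no docblock and sits directly between the previous method's closing brace and callRegister()'s docblock, so its purpose and lifetime are not stated anywhere. I would put `/** @var string|null Masked request token memoised by callRegister() for the current PHP execution */` above it and leave a blank line before the following docblock. Nothing in the visible hunks needs subclass access, so `private static` would be the narrower choice; confirm that no subclass of OC_Util reads it.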
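Review bot: The early return added at the top of callRegister() in the second hunk runs before the session lookup for 'requesttoken', so once the static is set no later call consults the session again. If the session token is replaced or cleared later in the same PHP execution (for example on a session regeneration, which this diff does not show), the method keeps returning a value derived from the old token and forms rendered afterwards would presumably fail the CSRF check. The same holds for any execution that handles more than one request or user (unit tests, CLI, a long-running worker), where the value assigned in the third hunk would be reused across responses and the per-response variation that the "breach-like attacks" comment relies on is lost. I would move the lookup below the point where `$requestToken` is read and key the cache on it, `if (isset(self::$encryptedToken[$requestToken])) { return self::$encryptedToken[$requestToken]; }`, with the matching `self::$encryptedToken[$requestToken] = ...` in the third hunk. The part of callRegister() between the second and third hunk, where `$requestToken` is assigned, is outside the diff.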