authorLukas Reschke <lukas@owncloud.com>2015-09-08 21:51:24 +0200
committerLukas Reschke <lukas@owncloud.com>2015-09-08 21:51:24 +0200
commit8958247b4e13078be9898bc6a5ab86a7c67033d3 (patch)
treef2abacf0a441c370d9b59256358aca52fb257636
parent73d38399624513ffcf5077abb6edfd1c3d3e1c14 (diff)
parenta03422c55afb5fdf3d8527d870a85160e0f95c6a (diff)
downloadnextcloud-server-8958247b4e13078be9898bc6a5ab86a7c67033d3.tar.gz
nextcloud-server-8958247b4e13078be9898bc6a5ab86a7c67033d3.zip
Merge pull request #18914 from owncloud/generate-requesttoken-only-once
Cache generated result
-rw-r--r--lib/private/util.php9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/private/util.php b/lib/private/util.php
index 0fda55496dc..f110d618f77 100644
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -1054,6 +1054,7 @@ class OC_Util {
return $id;
}
+ protected static $encryptedToken;
/**
* Register an get/post call. Important to prevent CSRF attacks.
*
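Review bot: The new static `$encryptedToken` added in this hunk has no docblock, and its lifetime is the security-relevant part of the change. I would document it with something like `/** @var string|null Masked CSRF token cached for the current request; must not outlive the session token it was derived from. */`. It is also worth stating there that the BREACH masking is now re-randomised once per request rather than once per call, so nobody later extends the cache beyond a request.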
@@ -1066,6 +1067,11 @@ class OC_Util {
* @see OC_Util::isCallRegistered()
*/
public static function callRegister() {
+ // Use existing token if function has already been called
+ if(isset(self::$encryptedToken)) {
+ return self::$encryptedToken;
+ }
+
// Check if a token exists
if (!\OC::$server->getSession()->exists('requesttoken')) {
// No valid token found, generate a new one.
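Review bot: The early return at `if(isset(self::$encryptedToken))` never consults the session again, so the cached value stays tied to whatever `requesttoken` the session held on the first call. If anything later in the same request replaces or clears that entry (a login or session regeneration, neither visible in this diff), callers receive a masked token the CSRF check will no longer accept. If the process serves more than one session (CLI workers, unit tests), the static could hand one session's token to another. Consider remembering the plain token the cache was built from and reusing the cache only while it still matches the session value, or resetting the static wherever the session token is rotated. The body of callRegister() continues outside this hunk, so the token generation path could not be checked here.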
@@ -1078,7 +1084,8 @@ class OC_Util {
// Encrypt the token to mitigate breach-like attacks
$sharedSecret = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(10);
- return \OC::$server->getCrypto()->encrypt($requestToken, $sharedSecret) . ':' . $sharedSecret;
+ self::$encryptedToken = \OC::$server->getCrypto()->encrypt($requestToken, $sharedSecret) . ':' . $sharedSecret;
+ return self::$encryptedToken;
}
/**