some more csrf fixes

author: Frank Karlitschek <karlitschek@kde.org> 2012-04-26 23:17:46 +0200
committer: Frank Karlitschek <karlitschek@kde.org> 2012-04-26 23:17:46 +0200
commit: 74b5e22a684c3095dbd48b56da1a10d955c20305 (patch)
tree: f4b350ac022cfe4e8935b7910470dcfbbd7a0ec5 /lib
parent: d96e962fc1f5df7efec5266d34735ebcdc20b056 (diff)
download: nextcloud-server-74b5e22a684c3095dbd48b56da1a10d955c20305.tar.gz
nextcloud-server-74b5e22a684c3095dbd48b56da1a10d955c20305.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/util.php b/lib/util.php
index ec70fd91cb5..29d0691a63d 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -253,6 +253,9 @@ class OC_Util {
 		} else {
 			$parameters["username"] = '';
 		}
+		$sectoken=rand(1000000,9999999);
+		$_SESSION['sectoken']=$sectoken;
+		$parameters["sectoken"] = $sectoken;
 		OC_Template::printGuestPage("", "login", $parameters);
 	}
author	Frank Karlitschek <karlitschek@kde.org>	2012-04-26 23:17:46 +0200
committer	Frank Karlitschek <karlitschek@kde.org>	2012-04-26 23:17:46 +0200
commit	74b5e22a684c3095dbd48b56da1a10d955c20305 (patch)
tree	f4b350ac022cfe4e8935b7910470dcfbbd7a0ec5 /lib
parent	d96e962fc1f5df7efec5266d34735ebcdc20b056 (diff)
download	nextcloud-server-74b5e22a684c3095dbd48b56da1a10d955c20305.tar.gz nextcloud-server-74b5e22a684c3095dbd48b56da1a10d955c20305.zip