From e5d78a35231d1412aa7427f061aacdf73d92a796 Mon Sep 17 00:00:00 2001
From: Leon Klingele <git@leonklingele.de>
Date: Mon, 31 Oct 2016 18:22:42 +0100
Subject: Fix CSRF token generation / validation

Operate on raw bytes instead of base64-encoded strings.
Issue was introduced in a977465

Signed-off-by: Leon Klingele <git@leonklingele.de>
---
 lib/private/Security/CSRF/CsrfToken.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/private/Security/CSRF/CsrfToken.php b/lib/private/Security/CSRF/CsrfToken.php
index dce9a83b727..e9bdf5b5204 100644
--- a/lib/private/Security/CSRF/CsrfToken.php
+++ b/lib/private/Security/CSRF/CsrfToken.php
@@ -51,8 +51,8 @@ class CsrfToken {
 	 */
 	public function getEncryptedValue() {
 		if($this->encryptedValue === '') {
-			$sharedSecret = base64_encode(random_bytes(strlen($this->value)));
-			$this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . $sharedSecret;
+			$sharedSecret = random_bytes(strlen($this->value));
+			$this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . base64_encode($sharedSecret);
 		}
 
 		return $this->encryptedValue;
@@ -71,6 +71,6 @@ class CsrfToken {
 		}
 		$obfuscatedToken = $token[0];
 		$secret = $token[1];
-		return base64_decode($obfuscatedToken) ^ $secret;
+		return base64_decode($obfuscatedToken) ^ base64_decode($secret);
 	}
 }
-- 
cgit v1.2.3