summaryrefslogtreecommitdiff
path: root/program/include
diff options
context:
space:
mode:
Diffstat (limited to 'program/include')
-rw-r--r--program/include/rcmail.php11
1 files changed, 4 insertions, 7 deletions
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index d9bb30bbe..0fc744605 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -1106,12 +1106,8 @@ class rcmail
*/
public function get_request_token()
{
- $key = $this->task;
-
- if (!$_SESSION['request_tokens'][$key])
- $_SESSION['request_tokens'][$key] = md5(uniqid($key . mt_rand(), true));
-
- return $_SESSION['request_tokens'][$key];
+ $sess_id = $_COOKIE[ini_get('session.name')];
+ return md5('RT' . $this->task . $this->config->get('des_key') . $sess_id);
}
@@ -1124,7 +1120,8 @@ class rcmail
public function check_request($mode = RCUBE_INPUT_POST)
{
$token = get_input_value('_token', $mode);
- return !empty($token) && $_SESSION['request_tokens'][$this->task] == $token;
+ $sess_id = $_COOKIE[ini_get('session.name')];
+ return !empty($sess_id) && $token == $this->get_request_token();
}