feat: Add generate session token to CsrfTokenManager

Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-06-10 17:23:59 -04:00 · 2026-05-05 14:54:41 +02:00 · 2026-05-05 14:54:41 +02:00 · e21b7d1121
commit e21b7d1121
parent c5c3525a6e
3 changed files with 5 additions and 2 deletions
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@ -196,7 +196,7 @@ class SecurityMiddleware extends Middleware {
 			}
 		}
 		// CSRF check - also registers the CSRF token since the session may be closed later
-		Server::get(CsrfTokenManager::class)->getToken()->getEncryptedValue();
+		Server::get(CsrfTokenManager::class)->generateSessionToken();
 		if ($this->isInvalidCSRFRequired($reflectionMethod)) {
 			/*
 			 * Only allow the CSRF check to fail on OCS Requests. This kind of
--- a/lib/private/Security/CSRF/CsrfTokenManager.php
+++ b/lib/private/Security/CSRF/CsrfTokenManager.php
@ -74,4 +74,8 @@ class CsrfTokenManager {
 			$token->getDecryptedValue()
 		);
 	}
+
+	public function generateSessionToken(): void {
+		$this->getToken();
+	}
 }
--- a/lib/public/Util.php
+++ b/lib/public/Util.php
@ -449,7 +449,6 @@ class Util {
 				return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
 			}, $value);
 		}
-		// Specify encoding for PHP<5.4
 		return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
 	}