From e21b7d1121988e19219d091d67bc1cb78bd0e54d Mon Sep 17 00:00:00 2001
From: Carl Schwan
Date: Tue, 5 May 2026 14:54:41 +0200
Subject: [PATCH] feat: Add generate session token to CsrfTokenManager

Signed-off-by: Carl Schwan
---
 .../AppFramework/Middleware/Security/SecurityMiddleware.php | 2 +-
 lib/private/Security/CSRF/CsrfTokenManager.php | 4 ++++
 lib/public/Util.php | 1 -
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index 85c6ec4a898..c589d1f0dc5 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -196,7 +196,7 @@ class SecurityMiddleware extends Middleware {
 }
 }
 // CSRF check - also registers the CSRF token since the session may be closed later
- Server::get(CsrfTokenManager::class)->getToken()->getEncryptedValue();
+ Server::get(CsrfTokenManager::class)->generateSessionToken();
 if ($this->isInvalidCSRFRequired($reflectionMethod)) {
 /*
 * Only allow the CSRF check to fail on OCS Requests. This kind of
diff --git a/lib/private/Security/CSRF/CsrfTokenManager.php b/lib/private/Security/CSRF/CsrfTokenManager.php
index ab24de33a1d..a9b3afcc407 100644
--- a/lib/private/Security/CSRF/CsrfTokenManager.php
+++ b/lib/private/Security/CSRF/CsrfTokenManager.php
@@ -74,4 +74,8 @@ class CsrfTokenManager {
 $token->getDecryptedValue()
 );
 }
+
+ public function generateSessionToken(): void {
+ $this->getToken();
+ }
 }
diff --git a/lib/public/Util.php b/lib/public/Util.php
index 2cf54335e4a..8731c628e92 100644
--- a/lib/public/Util.php
+++ b/lib/public/Util.php
@@ -449,7 +449,6 @@ class Util {
 return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
 }, $value);
 }
- // Specify encoding for PHP<5.4
 return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
 }
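Review bot: The comment above the changed line in SecurityMiddleware.php still reads `CSRF check - also registers the CSRF token since the session may be closed later`, but the new call returns nothing and is kept purely for its side effect. What the middleware needs is that the token is written to the session before the session can be closed; that now rests on `generateSessionToken()` and, through it, `getToken()`, whose storage behaviour is not visible in this hunk, so a unit test asserting the session write would pin it. I would reword the comment to something like `// Ensure a CSRF token is stored in the session now, since the session may be closed later`. The old call also ran `getEncryptedValue()`; presumably nothing depended on that having happened here, but it is worth confirming. The enclosing method starts and ends outside the hunk.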
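Review bot: `generateSessionToken()` in CsrfTokenManager.php is a new public method with no docblock, and its name suggests a fresh token on every call while the body only calls `getToken()`. If `getToken()` returns the token already held in the session when one exists (its body is outside this hunk), a caller could wrongly assume this method rotates the token, which matters for anyone reaching for it after a login or privilege change. I would add a docblock such as `/** Ensures a CSRF token exists in the session storage; an existing token is kept, not regenerated. */`, or choose a name along the lines of `ensureSessionToken()`.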