From 2fc0dc34fe05dde6bb8b9080d69bf791ada17c8b Mon Sep 17 00:00:00 2001
From: Anton Reutov
Date: Mon, 16 Aug 2021 14:56:37 +0300
Subject: [PATCH] Fix for "Broken or Risky Cryptographic Algorithm"
---
 web/inc/main.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/web/inc/main.php b/web/inc/main.php
index dfa482a15e..e6ae4b915d 100644
--- web/inc/main.php
+++ web/inc/main.php
@@ -58,9 +58,10 @@
 exit;
 }
+// Generate CSRF Token
 if (isset($_SESSION['user'])) {
- if(!isset($_SESSION['token'])){
- $token = uniqid(mt_rand(), true);
+ if (!isset($_SESSION['token'])){
+ $token = bin2hex(file_get_contents('/dev/urandom', false, null, 0, 16));
 $_SESSION['token'] = $token;
 }
 }
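Review bot: The new `$token` assignment never checks the result of `file_get_contents('/dev/urandom', ...)`, so a failed or short read fails open. If the device is unreadable (for example under an `open_basedir` restriction or in a chroot without `/dev/urandom`), the call returns `false`, and in coercive typing mode `bin2hex(false)` yields an empty string that is then stored as the session's CSRF token. Where the supported PHP version allows it (7.0 or later), `$token = bin2hex(random_bytes(16));` is the safer form because it throws instead of returning a degraded value. Otherwise read into a variable and refuse to set `$_SESSION['token']` unless `strlen($bytes) === 16`. The code that compares the submitted token with the session value is outside this hunk; it is worth confirming that it rejects an empty token and compares with `hash_equals()`.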