From 483d0293f7e4d527daea7dc8adbfc8362d72b13d Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Tue, 11 Jul 2023 03:20:58 -0400
Subject: [PATCH] fix: make CSRF tokens exist for the duration of the session

---
 includes/common.php           | 6 +-----
 public/admin/paste_action.php | 2 +-
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/includes/common.php b/includes/common.php
index aa61b27..78fdf48 100644
--- a/includes/common.php
+++ b/includes/common.php
@@ -218,11 +218,7 @@ function verifyCsrfToken($token = null) : bool {
         return false;
     }
 
-    $success = hash_equals($_SESSION[SessionHelper::CSRF_TOKEN_KEY], $token);
-
-    unset($_SESSION[SessionHelper::CSRF_TOKEN_KEY]);
-
-    return $success;
+    return hash_equals($_SESSION[SessionHelper::CSRF_TOKEN_KEY], $token);
 }
 
 session_start();
diff --git a/public/admin/paste_action.php b/public/admin/paste_action.php
index 8434bda..02c4ece 100644
--- a/public/admin/paste_action.php
+++ b/public/admin/paste_action.php
@@ -51,7 +51,7 @@ if (isset($_POST['hide'])) {
         $paste->save();
         $redis->del('ajax_pastes'); /* Expire from Redis so it doesn't show up anymore */
-        AdminLog::updateAdminHistory($current_user, AdminLog::ACTION_BLANK_PASTE, 'Paste ' . $paste->id . 'blanked.');
+        AdminLog::updateAdminHistory($current_user, AdminLog::ACTION_BLANK_PASTE, 'Paste ' . $paste->id . ' blanked.');
         flashSuccess('Paste contents blanked.');
     }
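Review bot: The token is no longer consumed on a successful check, so its lifetime is now tied to the session, and nothing in this hunk shows where it is rotated; unless the code that creates `SessionHelper::CSRF_TOKEN_KEY` regenerates it whenever the session id is regenerated (login, logout, privilege change), a token observed once stays valid until the session ends. I would state the new contract next to the return, e.g. `// Token is session-scoped, not single-use; it must be rotated together with the session id on login/logout.`, and confirm the generating code does that. The guard ending in `return false;` starts outside the hunk, so I cannot tell whether an absent session key or a null `$token` is rejected before the comparison; with `$token = null` as the default that guard matters, because `hash_equals()` expects two strings. verifyCsrfToken's body begins outside the hunk.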