CodeIgniter Forums - Search Results

Pages (2): 1 2 Next »

Search Results

Thread: Setting csrf_regenerate as TRUE
Post: RE: Setting csrf_regenerate as TRUE

Thanks Martin for your help. I am posting the solution in case someone needs it: PHP Code: -- $('#department_id').change(function() { var department_id=$("#department_id").val(); var d...

Thread: Setting csrf_regenerate as TRUE
Post: RE: Setting csrf_regenerate as TRUE

The csfrData is not being updated. Plese help in resolving this issue.

Thread: Setting csrf_regenerate as TRUE
Post: RE: Setting csrf_regenerate as TRUE

Thanks Martin for your help and giving some much needed confidence ;) But to be honest, I am not very good with this json/jquery stuff. Thats why I had to stitch up that weird json string. Now I ...

Thread: Setting csrf_regenerate as TRUE
Post: RE: Setting csrf_regenerate as TRUE

Thanks Martin. I am using jquery. I am giving detailed code here: Quote: -- $('#project_id').change(function() { var project_id=$("#project_id").val(); var domain=$("#doma...

Thread: Setting csrf_regenerate as TRUE
Post: RE: Setting csrf_regenerate as TRUE

Martin7483 Wrote: (07-27-2017, 05:52 AM) -- Return the new CSRF token in your response and update the CSRF variable in your JavaScript. Remember to always include the CSRF token no matter the stat...

Thread: Setting csrf_regenerate as TRUE
Post: Setting csrf_regenerate as TRUE

I am using CI3. When I set $config['csrf_regenerate'] = TRUE;, after the first request, subsequent ajax requests fail. This is obviously because of the csrf token being regenarated after every r...

Thread: escaping output in CodeIgniter
Post: RE: escaping output in CodeIgniter

Thanks Martin. Worked like a charm ;) ;)

Thread: escaping output in CodeIgniter
Post: RE: escaping output in CodeIgniter

Thanks Paul for your reply. This way I can do the escaping in the controller itself. Quote: -- $roles = $this->db->query($sql1, array($role_id)); $data['role'] = html_escape($roles->result...

Thread: escaping output in CodeIgniter
Post: RE: escaping output in CodeIgniter

Thanks Martin. So I have to do escaping like this for all the fields to be displayed: Quote: -- --

Thread: escaping output in CodeIgniter
Post: escaping output in CodeIgniter

Filter Input, Escape Output. After filtering input, I am using html_escape function to escape database output before displaying it in the browser. Quote: -- $query = $this->db->query($sentstr...

Thread: Preventing X-XSS-Protection header missing, X-Content-Type-Options etc
Post: RE: Preventing X-XSS-Protection header missing, X-...

Can someone please give some suggestion. It can be done at server side but how to enforce it from client?

Thread: Preventing X-XSS-Protection header missing, X-Content-Type-Options etc
Post: Preventing X-XSS-Protection header missing, X-Cont...

How can issues such as X-XSS-Protection header missing, X-Content-Type-Options missing etc be prevented in Codeigniter ? I have used the following code in header.php : Code: --

Thread: Prevent HTTP verb tampering
Post: RE: Prevent HTTP verb tampering

Ok. Thank you all

Thread: Prevent HTTP verb tampering
Post: RE: Prevent HTTP verb tampering

But the PUT method can be used to introduce malicious codes to the server. Similarly the DELETE method can be used to remove important files of the application, thus causing denial of service, rem...

Thread: Prevent HTTP verb tampering
Post: RE: Prevent HTTP verb tampering

Thanks for your reply. Shouldn't we prevent unauthorized HTTP methods from gaining access to our application ?

Thread: Prevent HTTP verb tampering
Post: Prevent HTTP verb tampering

What is the proper way to prevent HTTP verb tampering in CodeIgniter 3 so that except POST and GET other HTTP methods are not allowed? I have used Quote: -- if ($_SERVER['REQUEST_METHOD'] ...

Thread: CodeIgniter Form Validation for a Name
Post: RE: CodeIgniter Form Validation for a Name

Yeah, I totally agree. But having alpha_space would have helped. Also for june123 we already have alpha_numeric, for "june123 Narf" we can use alpha_numeric_spaces ;)

Thread: CodeIgniter Form Validation for a Name
Post: CodeIgniter Form Validation for a Name

Hello, When a form takes a person's name as input, it is usually two or three strings separated by spaces i,e. Henry David Lee. However going through CodeIgniter validation rules I couldn't find...

Thread: Storing session information in permanent cookie
Post: RE: Storing session information in permanent cooki...

Narf Wrote: (06-23-2017, 02:01 AM) -- Persistent, not permanent. But if there's any security issue with that, it's the "stores sensitive session information" part. Also, the configuration you're s...

Thread: Storing session information in permanent cookie
Post: Storing session information in permanent cookie

Hello, I am developing an application using CodeIgniter 3.1.4. Below is my session configuration: Code: -- $config['sess_cookie_name'] = 'cisession'; $config['sess_expiration'] = 1200; $con...