Search Results
    Thread: Setting csrf_regenerate as TRUE
Post: RE: Setting csrf_regenerate as TRUE

Thanks Martin for your help. I am posting the solution in case someone needs it: PHP Code: -- $('#department_id').change(function() {    var department_id=$("#department_id").val();    var d...
9,134 Views
11 Replies
07-31-2017, 12:19 AM
june123
    Thread: Setting csrf_regenerate as TRUE
Post: RE: Setting csrf_regenerate as TRUE

The csfrData is not being updated. Please help in resolving this issue.
9,134 Views
11 Replies
07-28-2017, 11:50 PM
june123
    Thread: Setting csrf_regenerate as TRUE
Post: RE: Setting csrf_regenerate as TRUE

Thanks Martin for your help and giving some much needed confidence ;) But to be honest, I am not very good with this json/jquery stuff. That's why I had to stitch up that weird json string. Now I ...
9,134 Views
11 Replies
07-28-2017, 06:15 AM
june123
    Thread: Setting csrf_regenerate as TRUE
Post: RE: Setting csrf_regenerate as TRUE

Thanks Martin. I am using jquery. I am giving detailed code here: Quote: -- $('#project_id').change(function() {         var project_id=$("#project_id").val();         var domain=$("#doma...
9,134 Views
11 Replies
07-28-2017, 01:36 AM
june123
    Thread: Setting csrf_regenerate as TRUE
Post: RE: Setting csrf_regenerate as TRUE

Martin7483 Wrote: (07-27-2017, 05:52 AM) -- Return the new CSRF token in your response and update the CSRF variable in your JavaScript. Remember to always include the CSRF token no matter the stat...
9,134 Views
11 Replies
07-27-2017, 08:27 AM
june123
    Thread: Setting csrf_regenerate as TRUE
Post: Setting csrf_regenerate as TRUE

I am using CI3. When I set $config['csrf_regenerate'] = TRUE;, after the first request, subsequent ajax requests fail. This is obviously because of the csrf token being regenerated after every r...
9,134 Views
11 Replies
07-27-2017, 04:45 AM
june123
    Thread: escaping output in CodeIgniter
Post: RE: escaping output in CodeIgniter

Thanks Martin. Worked like a charm  ;)   ;)
7,759 Views
7 Replies
07-25-2017, 10:31 PM
june123
    Thread: escaping output in CodeIgniter
Post: RE: escaping output in CodeIgniter

Thanks Paul for your reply. This way I can do the escaping in the controller itself. Quote: -- $roles = $this->db->query($sql1, array($role_id)); $data['role'] = html_escape($roles->result...
7,759 Views
7 Replies
07-25-2017, 04:44 AM
june123
    Thread: escaping output in CodeIgniter
Post: RE: escaping output in CodeIgniter

Thanks Martin. So I have to do escaping like this for all the fields to be displayed: Quote: -- --
7,759 Views
7 Replies
07-24-2017, 08:00 AM
june123
    Thread: escaping output in CodeIgniter
Post: escaping output in CodeIgniter

Filter Input, Escape Output. After filtering input, I am using html_escape function to escape database output before displaying it in the browser. Quote: -- $query = $this->db->query($sentstr...
7,759 Views
7 Replies
07-24-2017, 04:27 AM
june123
    Thread: Preventing X-XSS-Protection header missing, X-Content-Type-Options etc
Post: RE: Preventing X-XSS-Protection header missing, X-...

Can someone please give some suggestion. It can be done at server side but how to enforce it from client?
7,357 Views
4 Replies
07-16-2017, 07:58 PM
june123
    Thread: Preventing X-XSS-Protection header missing, X-Content-Type-Options etc
Post: Preventing X-XSS-Protection header missing, X-Cont...

How can issues such as X-XSS-Protection header missing, X-Content-Type-Options missing etc be prevented in Codeigniter ? I have used the following code in header.php : Code: --
7,357 Views
4 Replies
07-14-2017, 02:16 AM
june123
    Thread: Prevent HTTP verb tampering
Post: RE: Prevent HTTP verb tampering

Ok. Thank you all
7,494 Views
7 Replies
07-07-2017, 03:11 AM
june123
    Thread: Prevent HTTP verb tampering
Post: RE: Prevent HTTP verb tampering

But the PUT method can be used to introduce malicious codes to the server. Similarly the DELETE method can be used to remove important files of the application, thus causing denial of service, rem...
7,494 Views
7 Replies
07-06-2017, 10:45 PM
june123
    Thread: Prevent HTTP verb tampering
Post: RE: Prevent HTTP verb tampering

Thanks for your reply. Shouldn't we prevent unauthorized HTTP methods from gaining access to our application ?
7,494 Views
7 Replies
07-06-2017, 07:16 PM
june123
    Thread: Prevent HTTP verb tampering
Post: Prevent HTTP verb tampering

What is the proper way to prevent HTTP verb tampering in CodeIgniter 3 so that except POST and GET other HTTP methods are not allowed? I have used  Quote: -- if ($_SERVER['REQUEST_METHOD'] ...
7,494 Views
7 Replies
07-06-2017, 01:41 AM
june123
    Thread: CodeIgniter Form Validation for a Name
Post: RE: CodeIgniter Form Validation for a Name

Yeah, I totally agree.  But having alpha_space would have helped.  Also for june123 we already have alpha_numeric, for "june123 Narf" we can use alpha_numeric_spaces  ;)
4,173 Views
6 Replies
06-27-2017, 07:31 AM
june123
    Thread: CodeIgniter Form Validation for a Name
Post: CodeIgniter Form Validation for a Name

Hello, When a form takes a person's name as input, it is usually two or three strings separated by spaces i.e. Henry David Lee. However going through CodeIgniter validation rules I couldn't find...
4,173 Views
6 Replies
06-27-2017, 02:56 AM
june123
    Thread: Storing session information in permanent cookie
Post: RE: Storing session information in permanent cooki...

Narf Wrote: (06-23-2017, 02:01 AM) -- Persistent, not permanent. But if there's any security issue with that, it's the "stores sensitive session information" part. Also, the configuration you're s...
10,002 Views
12 Replies
06-23-2017, 02:42 AM
june123
    Thread: Storing session information in permanent cookie
Post: Storing session information in permanent cookie

Hello, I am developing an application using CodeIgniter 3.1.4. Below is my session configuration: Code: -- $config['sess_cookie_name'] = 'cisession'; $config['sess_expiration'] = 1200; $con...
10,002 Views
12 Replies
06-23-2017, 12:41 AM
june123
