Welcome Guest, Not a member yet? Register   Sign In
Search Results
    Thread: Query Builder: regex error when passing large array to where_in
Post: RE: Query Builder: regex error when passing large ...

kilishan Wrote: (02-15-2019, 11:52 AM) -- I would chunk the data into smaller pieces. Should work fine then. -- Yes, it doesn't error if I put the UPDATE into the foreach loop but that means that I ...
4,549 Views
5 Replies
02-18-2019, 04:01 AM
objecttothis
    Thread: Query Builder: regex error when passing large array to where_in
Post: RE: Query Builder: regex error when passing large ...

php_rocs Wrote: (02-15-2019, 11:48 AM) -- @objecttothis, Why is your Where clause so big?  Can you make it smaller? -- My WHERE clause isn't large. The WHERE IN clause is large however because ...
4,549 Views
5 Replies
02-18-2019, 03:57 AM
objecttothis
    Thread: Query Builder: regex error when passing large array to where_in
Post: Query Builder: regex error when passing large arra...

CI 3.1.9 PHP 5.6.38 FreeBSD 11.2 Apache 2.4 MySQL 5.7 Problem: passing a large array to where_in generates the php error and the update fails. Code: -- preg_match(): Compilation failed: regu...
4,549 Views
5 Replies
02-15-2019, 01:31 AM
objecttothis
    Thread: Server config causing CSRF triggers
Post: RE: Server config causing CSRF triggers

spjonez Wrote: (09-07-2017, 11:26 AM) -- objecttothis Wrote: (09-07-2017, 06:47 AM) -- csrf_regenerate is set to true and so far the AJAX calls haven't been doing things like giving a 200 on the fir...
9,538 Views
18 Replies
09-10-2017, 12:28 PM
objecttothis
    Thread: Server config causing CSRF triggers
Post: RE: Server config causing CSRF triggers

spjonez Wrote: (09-07-2017, 06:33 AM) -- Is cookie_httponly set to false? If security is your primary concern this should be set to true which will break the code you posted. Instead of reading the c...
9,538 Views
18 Replies
09-07-2017, 06:47 AM
objecttothis
    Thread: Server config causing CSRF triggers
Post: SOLUTION

OK, I finally found the source of the incompatibility with CodeIgniter's CSRF. In php.ini if Code: -- suhosin.cookie.encrypt = On -- is found then it causes CSRF in CI to kick back a 403 on ajax re...
9,538 Views
18 Replies
09-07-2017, 04:16 AM
objecttothis
    Thread: Server config causing CSRF triggers
Post: RE: Server config causing CSRF triggers

OK, we are getting closer. Due to the fact that my application doesn't exhibit the same 403 errors on another server that tells me that it's likely a server configuration that is not compatible with ...
9,538 Views
18 Replies
09-07-2017, 12:51 AM
objecttothis
    Thread: Server config causing CSRF triggers
Post: RE: Server config causing CSRF triggers

If I add 'customers/ajax_check_email' to csrf_exclude_uris or set csrf_protection to FALSE it gives me a 200 response code
9,538 Views
18 Replies
09-06-2017, 10:33 AM
objecttothis
    Thread: Server config causing CSRF triggers
Post: RE: Server config causing CSRF triggers

OK, here is an example of a place where CSRF returns a 403 (when CSRF is disabled I get 200).  I can't figure out what in the code is causing CSRF to not like it. view form.php PHP Code: -- ....
9,538 Views
18 Replies
09-06-2017, 06:13 AM
objecttothis
    Thread: Server config causing CSRF triggers
Post: RE: Server config causing CSRF triggers

dave friend Wrote: (08-22-2017, 01:45 PM) -- The CSRF token is only verified when $config['csrf_protection'] = TRUE; in config.php The server method is POST Does your hardening turns every G...
9,538 Views
18 Replies
08-23-2017, 02:48 AM
objecttothis
    Thread: Server config causing CSRF triggers
Post: RE: Server config causing CSRF triggers

Quote: -- Code can set a cookie any way it wants regardless of how a server is configured. If you're changing Apache defaults your code has to handle that. Personally I wouldn't configure the server...
9,538 Views
18 Replies
08-22-2017, 01:19 PM
objecttothis
    Thread: Server config causing CSRF triggers
Post: RE: Server config causing CSRF triggers

@spjonez I agree with you but the app is used by a lot of people and not all of them have SSL certificates for their servers. Besides that CI currently supports HTTP/1.1 which does not require HTTPS....
9,538 Views
18 Replies
08-22-2017, 11:28 AM
objecttothis
    Thread: Server config causing CSRF triggers
Post: RE: Server config causing CSRF triggers

I was able to change cookie_httponly to TRUE and the app did not give me login errors, but I was not able to re-add the HttpOnly directive in my httpd.conf and it made no difference in the 403 error I...
9,538 Views
18 Replies
08-22-2017, 08:18 AM
objecttothis
    Thread: Server config causing CSRF triggers
Post: RE: Server config causing CSRF triggers

spjonez Wrote: (08-22-2017, 06:18 AM) -- objecttothis Wrote: (08-22-2017, 03:52 AM) -- was causing CI CSRF protection to trigger.  IMO this was not a good design decision for CI to use the cookie fo...
9,538 Views
18 Replies
08-22-2017, 06:32 AM
objecttothis
  Exclamation Thread: Server config causing CSRF triggers
Post: Server config causing CSRF triggers

FreeBSD 11.0 Apache 2.4 MySQL 5.7 PHP 5.6.31 I've recently built, configured and security hardened this server and I installed opensourcepos which is a project I am contributing to.  With CSRF d...
9,538 Views
18 Replies
08-22-2017, 03:52 AM
objecttothis
    Thread: Blank page on upgrade from 2.1.4 to 2.2.x
Post: RE: Blank page on upgrade from 2.1.4 to 2.2.x

alkarim Wrote: (04-21-2015, 05:54 AM) -- Me too having the same problem with my web app....please help -- Did you modify php.ini and the codeignitor error log toggle to show you the error reports? ...
5,994 Views
4 Replies
04-21-2015, 08:14 AM
objecttothis
    Thread: Declaration of xxx should be compatible with yyy
Post: RE: Declaration of xxx should be compatible with y...

ok, read up on this and it sounds like even though my code works, there is risk that php gets confused about which function I'm calling and that's why it's throwing the warning. Curious that it does ...
7,311 Views
3 Replies
04-17-2015, 10:11 AM
objecttothis
    Thread: Blank page on upgrade from 2.1.4 to 2.2.x
Post: RE: Blank page on upgrade from 2.1.4 to 2.2.x

set the error logs to level 4 and that informed me that I had not set the datetime element in my php.ini file (unrelated). It also gave me: Fatal error: Call to undefined function hash_hmac() in .../...
5,994 Views
4 Replies
04-17-2015, 04:38 AM
objecttothis
    Thread: language file errors during upgrade from 2.1.4 to 3.0.0
Post: RE: language file errors during upgrade from 2.1.4...

Keep in mind this is working without errors in my CI 2.x production environment. Ill check my code when I get home but you're suggesting things that would have broken the CI 2.x web-app also.
4,440 Views
7 Replies
04-16-2015, 08:18 AM
objecttothis
    Thread: Blank page on upgrade from 2.1.4 to 2.2.x
Post: Blank page on upgrade from 2.1.4 to 2.2.x

My web application is working fine on PHP 5.6.6 running CI 2.1.4. upgrading to CI 3.0.0 breaks a lot of the code so I'm wanting to upgrade to the most stable legacy version (2.2.2) however when I fol...
5,994 Views
4 Replies
04-16-2015, 07:56 AM
objecttothis

Theme © iAndrew 2016 - Forum software by © MyBB