Fix for a XSS bug in CI
#3

alexman
We don't use git ^^

Patch:
Code:
Index: system/core/Security.php
===================================================================
--- system/core/Security.php (revision 8)
+++ system/core/Security.php (working copy)
@@ -848,7 +848,7 @@
    // each page load since a page could contain embedded
    // sub-pages causing this feature to fail
    if (isset($_COOKIE[$this->_csrf_cookie_name]) &&
-    $_COOKIE[$this->_csrf_cookie_name] != '')
+    preg_match( '#^[0-9a-f]{32}$#iS', $_COOKIE[$this->csrf_cookie_name] ) > 0)
    {
     return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];
    }
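
Review bot: The added `preg_match` line indexes `$_COOKIE` with `$this->csrf_cookie_name`, missing the leading underscore that the `isset()` line above it and the `return` line below it both use (`$this->_csrf_cookie_name`). Unless a property without the underscore also exists, the pattern is tested against a value that is not the CSRF cookie, the condition is never true, and the existing cookie value is never reused; change it to `$_COOKIE[$this->_csrf_cookie_name]`. Two smaller points on the same line: `$` without the `D` modifier still matches when a trailing newline follows the 32 hex digits, so `#^[0-9a-f]{32}$#iD` (or `\z`) makes the check exact, and a one-line comment saying why the cookie must look like a 32-character hex hash before it is trusted would help the next reader.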

