CSRF Vulnerabilities and Code Igniter plugin
[eluser]bevans[/eluser]
EDIT: THIS IS WORKING NOW... (WORKING ON LOCALHOST AT THIS TIME.) THE PROBLEM WHY IT WAS NOT WORKING: THE PARAMETERS FOR THE SETCOOKIE FUNCTION WERE NOT CORRECT. I CHANGED THE PARAMETERS AND NOW IT WORKS.

On line 90 of MY_Input.php

Changed from this:
setcookie('ci_token', $ci_token, time()+$this->CSRF_expire, '/', $domain);

TO THIS:
setcookie('ci_token', $ci_token, time()+$this->CSRF_expire, "/", "", "0");

[quote author="Bill Zeller" date="1222748003"]Hey guys, ...and also a plugin for Code Igniter (php 5 only) that can automatically protect against these types of attacks. The CI plugin was written because Code Igniter is my framework of choice and I didn't see a plugin available. I'd love to hear your feedback. Thanks! Best Regards, Bill Zeller[/quote]

Thanks for the plugin... I am having troubles getting it to work with Code Igniter 1.7. Any ideas or suggestions from anyone as to why it is not working?

I should specify the problem. It is not setting the ci_token cookie. It is getting down through the code and hits the setcookie() function, but the cookie is not setting.

Looking at code all day... probably just something simple, but I am not seeing the problem. Any suggestions? Thanks in advance.

bevans
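A diagnostic sketch for the symptom in the post above (setcookie() is reached but no ci_token cookie appears), added here as an example and not taken from the plugin or from the poster's code. send_csrf_cookie() is a hypothetical helper, the token and lifetime are constructed values, and it assumes a web SAPI, since headers_list() is normally empty under the CLI.

```php
<?php
// Added example: send_csrf_cookie() is a hypothetical helper, not plugin code.
// It queues the CSRF token cookie and reports why it might never reach the browser.
function send_csrf_cookie($name, $token, $lifetime, $domain = '')
{
    // setcookie() only queues a response header, so it cannot work once
    // output has started. headers_sent() reports where that output began.
    if (headers_sent($file, $line)) {
        error_log("CSRF cookie not sent: output started at $file:$line");
        return false;
    }

    // An empty $domain means no Domain attribute is emitted, which makes the
    // cookie host-only: it is returned to this exact host and not to
    // subdomains. Some browsers discard a cookie whose Domain attribute is a
    // single-label name such as "localhost", so host-only also suits local testing.
    // The sixth argument (secure) is a boolean; mark the cookie Secure on HTTPS.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    if (!setcookie($name, $token, time() + $lifetime, '/', $domain, $secure)) {
        error_log('CSRF cookie not sent: setcookie() returned false');
        return false;
    }

    // setcookie() returning true only means the header was queued. Log the
    // header as emitted (token redacted) so it can be compared with what the
    // browser's cookie store actually shows.
    foreach (headers_list() as $header) {
        if (stripos($header, 'Set-Cookie: ' . $name . '=') === 0) {
            $safe = preg_replace('/=[^;]*/', '=<redacted>', $header, 1);
            error_log('CSRF cookie header queued: ' . $safe);
            return true;
        }
    }
    error_log('CSRF cookie not sent: no Set-Cookie header for ' . $name);
    return false;
}

// Constructed sample values, for illustration only.
$token = 'constructed-sample-token-0001';
$lifetime = 7200; // seconds

// Host-only cookie, equivalent in effect to passing "" as the domain.
send_csrf_cookie('ci_token', $token, $lifetime);
```

If the log shows the header was queued but the browser still has no cookie, the Domain, Path or Secure attributes in the logged line are the place to look.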