Undefined property after updating 2.0.2

[eluser]Unknown[/eluser]
Hi there.

I just updated my CodeIgniter application to version 2.0.2. I had been using the csrf cookie token in my old application but now when I run my application it comes up with this error:

Code:

A PHP Error was encountered

Severity: Notice

Message: Undefined property: CI_Security::$csrf_token_name

Filename: helpers/form_helper.php

Line Number: 70

If I turn off the csrf cookie then it works fine.

Any ideas?

[eluser]Rolling[/eluser]
I'm getting the same issues with my own stuff from the form helper as well. I've since rolled back to 2.01 as trying to fix these things (CI system) myself at this stage would probably be premature.

[eluser]Unknown[/eluser]
I think I've found the bug. When the Security library was moved from the library to Core, the properties were changed from being public properties to protected properties, and renamed as well.

It looked like this:

Code:

class CI_Security {

    public $xss_hash        = '';
    public $csrf_hash        = '';
    public $csrf_expire        = 7200;  // Two hours (in seconds)
    public $csrf_token_name        = 'ci_csrf_token';
    public $csrf_cookie_name    = 'ci_csrf_token';

but now it looks like this:

Code:

class CI_Security {
    
    protected $_xss_hash        = '';
    protected $_csrf_hash        = '';
    protected $_csrf_expire        = 7200;  // Two hours (in seconds)
    protected $_csrf_token_name    = 'ci_csrf_token';
    protected $_csrf_cookie_name    = 'ci_csrf_token';

It looks like the form helper wasn't updated to use the new code. I'm not going to manually change this as I don't know how widespread this is across the code, but I hope CodeIgniter comes up with a fix soon.

Best regards,

Ingiber

[eluser]Unknown[/eluser]
Yes, it's a SILLY bug in the Security library.

If you don't want to wait, it is BEST to use CI 2.0.1 again.

[eluser]Spir[/eluser]
[quote author="romidesign" date="1302267939"]Yes, it's a SILLY bug in the Security library.

If you don't want to wait, it is BEST to use CI 2.0.1 again.[/quote]form helper update line 70:

Code:

$hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();

And if you try to use the csrf by hand (not using form open do it that way :

Code:

<input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash()?>" />

instead of

Code:

<input type="hidden" name="<?php echo $this->csrf_cookie_name; ?>" value="<?php echo $this->csrf_hash?>" />

[eluser]Phil Sturgeon[/eluser]
Thanks Spir. I've pushed this fix so hopefully we can retag 2.0.2 shortly.

Edit: Greg beat me to it! Looks like its been fixed twice.

[eluser]Spir[/eluser]
it has been fixed :
https://bitbucket.org/ellislab/codeignit...342fecd5ae

https://bitbucket.org/ellislab/codeignit...42dc092041

[eluser]patwork[/eluser]
It has been not completly fixed!

https://bitbucket.org/ellislab/codeignit...ng-ingored

[eluser]defectivereject[/eluser]
No matter where i put my_security_helper, it won't call any function on it....!

[eluser]InsiteFX[/eluser]
If your using a MY_security_helper then it should go into application/helpers
And it should be named like that!

Also when using helper you need to use the CodeIgniter Super Object.

Code:

$CI =& get_instance();

$CI->Do_Something();

InsiteFX