Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Libraries & Helpers Fix for a XSS bug in CI
Fix for a XSS bug in CI
  • El Forum
    Guest
  •  
#1
05-07-2012, 09:18 AM

[eluser]Patrick Savalle[/eluser]
It is possible to inject code into the CSRF parameter of the CI-FORMS. This code will be send back to the browser in the reply. The preg_match in the code-snippet will fix it. Put this in /system/libraries/Security.php (replace original piece of code)

Code:
private function _csrf_set_hash()
    {
        if ($this->csrf_hash == '')
        {
            // If the cookie exists we will use it's value.  We don't necessarily want to regenerate it with
            // each page load since a page could contain embedded sub-pages causing this feature to fail
            if (isset($_COOKIE[$this->csrf_cookie_name]) AND preg_match( '#^[0-9a-f]{32}$#iS', $_COOKIE[$this->csrf_cookie_name] ) > 0)
            {
                $this->csrf_hash = $_COOKIE[$this->csrf_cookie_name];
            }
            else
            {
                $this->csrf_hash = md5(uniqid(rand(), TRUE));
            }
        }

        return $this->csrf_hash;
    }
}


Messages In This Thread
Fix for a XSS bug in CI - by El Forum - 05-07-2012, 09:18 AM
Fix for a XSS bug in CI - by El Forum - 05-07-2012, 10:26 AM
Fix for a XSS bug in CI - by El Forum - 05-07-2012, 12:22 PM
Fix for a XSS bug in CI - by El Forum - 05-07-2012, 12:22 PM
Fix for a XSS bug in CI - by El Forum - 05-07-2012, 12:32 PM
Fix for a XSS bug in CI - by El Forum - 05-07-2012, 01:11 PM
Fix for a XSS bug in CI - by El Forum - 05-07-2012, 01:18 PM
Fix for a XSS bug in CI - by El Forum - 05-07-2012, 01:25 PM



Theme © iAndrew 2016 - Forum software by © MyBB