Is there a fix for the CSRF "The action you have requested is not allowed" issue?

Is there a fix for the CSRF "The action you have requested is not allowed" issue?

El Forum
Guest

12-07-2012, 10:15 AM

[eluser]Unknown[/eluser]
I've been having the same problem and after many tracing I found out a bug in codeigniter 2.0 which is in xss_clean function in codeigniter/libraries/Form_validation.php

Code:
if ( ! isset($this->CI->security))

I changed to this

Code:
$CI =& get_instance();

if ( ! isset($CI->security))

and it works correctly.

It had loaded security class twice and cookies had been unset so the form token hadn't equaled to the cooky after one submit

Messages In This Thread

Is there a fix for the CSRF "The action you have requested is not allowed" issue? - by El Forum - 10-17-2012, 12:10 PM

Is there a fix for the CSRF "The action you have requested is not allowed" issue? - by El Forum - 10-31-2012, 10:09 AM

Is there a fix for the CSRF "The action you have requested is not allowed" issue? - by El Forum - 10-31-2012, 10:26 AM

Is there a fix for the CSRF "The action you have requested is not allowed" issue? - by El Forum - 12-07-2012, 10:15 AM

Is there a fix for the CSRF "The action you have requested is not allowed" issue? - by El Forum - 12-07-2012, 11:58 AM

Is there a fix for the CSRF "The action you have requested is not allowed" issue? - by El Forum - 10-09-2013, 11:00 PM