Login

wolfgang1983 · 12-16-2016, 09:11 PM

(12-16-2016, 03:57 PM)PaulD Wrote: Does the CSRF work when you use a simple form_open ?

Edit: I presume everything works fine when you turn off the CSRF for your code.

Edit 2: I have not actually built a CI site in ages but am just building two now with latest version (a large shop and a smaller product design shop) - however I doubt I will need multi part forms. Everything seems just as always so far except admittedly I have not started using the CSRF yet. I very much doubt and do not expect a bug in that though. I will switch it on tomorrow and see if anything unexpected happens.

Edit 3: I must admit I do love the google 'I am a human' checkbox :-)but Ido not like their captcha system - it is often so difficult even I struggle with it sometimes. Have you played the recordings - even worse than the text.

Yes the CSRF works when have form_open and form_open_mulitpart the issue is when I submit form It regenerate a new token and makes it throw error. error the action you have requested is not allowed I can't find away on my controller so I can stop if from throwing error. I followed this way https://www.codeigniter.com/user_guide/l...rgery-csrf also

Such a pain

PHP Code:
$config['cookie_prefix']    = '';
$config['cookie_domain']    = '';
$config['cookie_path']        = '/';
$config['cookie_secure']    = FALSE;
$config['cookie_httponly']     = FALSE;

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array(); 

Attached Files
.php

Thread.php (Size: 3.34 KB / Downloads: 87)
.php

thread_form.php (Size: 2.68 KB / Downloads: 86)

There's only one rule - please don't tell anyone to go and read the manual. Sometimes the manual just SUCKS!