[Solved] Any thing better than CSRF
#11

(12-17-2016, 02:30 AM)Diederik Wrote: I remember I ran into such an issue a while ago. Turned out I made some mistake where it ran form / csrf validation twice. So the first check regenerated the csrf key so the second pass would always return false... Perhaps you could try finding such a case in your code. To trace this case I put some debug echo code in the core form validation/csrf files.

Hello,

I have found this, which redirects back to the page instead of showing the CSRF error. Is that safe?

Found here https://github.com/benedmunds/CodeIgnite...t-60716698


PHP Code:
<?php

class MY_Security extends CI_Security {

    public function __construct()
    {
        parent::__construct();
    }

    public function csrf_show_error()
    {
        // show_error('The action you have requested is not allowed.');  // default code

        // force page "refresh" - redirect back to itself with sanitized URI for security
        // a page refresh restores the CSRF cookie to allow a subsequent login
        header('Location: ' . htmlspecialchars($_SERVER['REQUEST_URI']), TRUE, 200);
    }
}

There's only one rule - please don't tell anyone to go and read the manual.  Sometimes the manual just SUCKS!
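
A variant of the override posted above, as an added example that is not part of the original post or of the linked GitHub comment. It assumes CodeIgniter 3's `CI_Security` and `log_message()`; the helper name `csrf_retry_target` is hypothetical. It checks `REQUEST_URI` for the header context instead of HTML-escaping it, and sends an explicit 303.

```php
<?php
// application/core/MY_Security.php: added example, not code from the thread.

// Reduce REQUEST_URI to a local path that is safe inside a Location header.
// Hypothetical helper name; falls back to '/' when the value looks wrong.
function csrf_retry_target($request_uri)
{
    // CR/LF or other control bytes could split the response headers.
    if (!is_string($request_uri) || preg_match('/[\x00-\x1F\x7F]/', $request_uri)) {
        return '/';
    }
    // Accept only a single-slash path: "//host", "/\host" and absolute
    // URLs would send the browser to another origin.
    if (!preg_match('#^/(?![/\\\\])#', $request_uri)) {
        return '/';
    }
    return $request_uri;
}

if (class_exists('CI_Security')) {
    class MY_Security extends CI_Security
    {
        public function csrf_show_error()
        {
            $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
            $target = csrf_retry_target($uri);
            // Keep a trace so repeated failures can be reviewed.
            log_message('error', 'CSRF check failed, redirecting to ' . $target);
            // 303 tells the browser to fetch the page again with GET, which
            // drops the rejected POST body.
            header('Location: ' . $target, TRUE, 303);
            exit;
        }
    }
} else {
    // Outside CodeIgniter: show the filter on constructed sample inputs.
    foreach (array('/login?next=1', '//other.example/x', "/a\r\nX-Test: 1") as $uri) {
        echo json_encode($uri), ' => ', csrf_retry_target($uri), PHP_EOL;
    }
}
```

The rejected request is still never processed; only the error page is replaced by a fresh GET of the same path.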


Messages In This Thread
RE: Any thing better than CSRF - by PaulD - 12-16-2016, 11:44 AM
RE: Any thing better than CSRF - by wolfgang1983 - 12-16-2016, 01:33 PM
RE: Any thing better than CSRF - by PaulD - 12-16-2016, 03:57 PM
RE: Any thing better than CSRF - by wolfgang1983 - 12-16-2016, 09:11 PM
RE: Any thing better than CSRF - by Diederik - 12-17-2016, 02:30 AM
RE: Any thing better than CSRF - by wolfgang1983 - 12-17-2016, 03:24 AM
RE: Any thing better than CSRF - by wolfgang1983 - 12-20-2016, 01:10 AM
RE: Any thing better than CSRF - by skunkbad - 12-17-2016, 03:23 PM
RE: Any thing better than CSRF - by wolfgang1983 - 12-17-2016, 03:40 PM
RE: Any thing better than CSRF - by kenjis - 12-17-2016, 05:12 PM
RE: Any thing better than CSRF - by Diederik - 12-20-2016, 03:13 AM
RE: Any thing better than CSRF - by wolfgang1983 - 12-22-2016, 08:21 PM


