CSRF and Form Validation
#1

I'm trying to validate the CSRF cookie against the CSRF token name when processing a form.

I'm using form_open(); and can see the hidden CSRF input field but can't access it...


$this->input->post($this->security->get_csrf_token_name()) is always empty. Why?

I'm clearly sending the variable as seen by $this->input->raw_input_stream;

Any ideas why I can't access it via POST directly?

This doesn't work:


PHP Code:
if ($this->input->post($this->security->get_csrf_token_name(), TRUE) == get_cookie($this->config->item('csrf_cookie_name'), TRUE)) {
    // ... process the form
}

I'm doing this below instead, and it's working fine, but really curious why the above version doesn't work


PHP Code:
if ($this->security->get_csrf_hash() == get_cookie($this->config->item('csrf_cookie_name'), TRUE)) {
    // ... process the form
}

Thanks!
Reply
#2

CI does this validation automatically and then unsets the $_POST entry. You don't have to do anything.
Reply
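
Added example, not part of the thread and not CodeIgniter's own source: a simplified stand-alone model of the behaviour described in reply #2, where the posted token is checked against the cookie and then removed from the POST data. The function name, the token and cookie names, and the sample values are all assumptions made up for the illustration.

```php
<?php
// Simplified model of a double-submit CSRF check (hypothetical helper, not framework code).
// It compares the posted token with the cookie value, then strips the token from the POST data.
function verify_and_strip_csrf(array &$post, array $cookies, string $tokenName, string $cookieName): bool
{
    $valid = isset($post[$tokenName], $cookies[$cookieName])
        && is_string($post[$tokenName])       // rejects array input such as token[]=x
        && is_string($cookies[$cookieName])
        && hash_equals($cookies[$cookieName], $post[$tokenName]); // constant-time comparison

    // The token has served its purpose: remove it so form handling never sees it.
    unset($post[$tokenName]);

    return $valid;
}

// Constructed sample names and values (assumptions for this example only).
$tokenName  = 'csrf_token';
$cookieName = 'csrf_cookie';
$hash       = bin2hex(random_bytes(16));

$cases = [
    'matching token' => [[$tokenName => $hash, 'email' => 'a@example.com'], [$cookieName => $hash]],
    'wrong token'    => [[$tokenName => str_repeat('0', 32)],               [$cookieName => $hash]],
    'array token'    => [[$tokenName => [$hash]],                           [$cookieName => $hash]],
    'missing token'  => [['email' => 'a@example.com'],                      [$cookieName => $hash]],
];

foreach ($cases as $label => [$post, $cookies]) {
    $ok = verify_and_strip_csrf($post, $cookies, $tokenName, $cookieName);
    printf(
        "%-15s valid=%-5s token still in POST=%s\n",
        $label,
        var_export($ok, true),
        var_export(array_key_exists($tokenName, $post), true)
    );
}
```

In every case the token is absent from the POST array after the check, which matches the empty `$this->input->post(...)` result reported in post #1.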
#3

(10-05-2017, 02:05 AM)Narf Wrote: CI does this validation automatically and then unsets the $_POST entry. You don't have to do anything.

Ah now it makes sense. Thank you!
Reply



