Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Support CSRF Token Problem in CI 4.5.3 ( BUG ??? )
CSRF Token Problem in CI 4.5.3 ( BUG ??? )
  • Offline goeko77
    Newbie
  • *
  • Posts: 3
    Threads: 1
    Joined: Aug 2018
    Reputation: 0
#1
Exclamation  07-03-2024, 04:49 PM
(This post was last modified: 07-04-2024, 04:05 PM by kenjis.)

Posted CFRS token value only exists with deprecated getVar method but not with getPost.

Debug $_POST and getPost() output there is no CFRS Token variable.

print_r($_POST) 
print_r($this->request->getPost())


Debug $_REQUEST and getVar() output there is CFRS Token variable.

print_r($_REQUEST) 
print_r($this->request->getVar())

In Codeigniter4 documentation I found a important message and warning message, so I should not use getVar method.
(https://codeigniter.com/user_guide/incom...tml#getvar)
Is it wrong in documentation?

I cannot use csrf_hash(), because it generate every time a new token.
So posted token can't be checked with.


Here are the messages from documentation.

Important
This method exists only for backward compatibility. Do not use it in new projects. Even if you are already using it, we recommend that you use another, more appropriate method.

Warning
If you want to validate POST data only, don’t use
getVar()
. Newer values override older values. POST values may be overridden by the cookies if they have the same name, and you set “C” after “P” in request-order.
Reply
  • Offline kenjis
    Administrator
  • *******
  • Posts: 3,671
    Threads: 96
    Joined: Oct 2014
    Reputation: 230
#2
07-04-2024, 04:55 PM

> Is it wrong in documentation?

No. It is correct. getVar() is dangerous. Should not use.

If $_POST is empty, you may be already redirected.
ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper
Reply




Theme © iAndrew 2016 - Forum software by © MyBB