[eluser]fatTireFreak[/eluser]
I had a similar issue. What I'm thinking of doing is something like this.
In my config I'm going to create an entry like this:
Code:
$config['csfr_exclusions'] = array('controller1'=>array('method1', 'method2')
'controller2'=>array('method1'));
Then I created a MY_Input class and put this code in the constructor:
Code:
$CFG =& load_class('Config');
$SEC =& load_class('Security');
$RTE =& load_class('Router');
$this->security =& $SEC;
$this->router =& $RTE;
$this->config =& $CFG;
In MY_Input class _sanitize_globals() method I changed the call to csfr_verify to a method in MY_Input class
Code:
if ($this->_enable_csrf == TRUE)
{
$this->csrf_verify();
}
Then I created this method in MY_Input class:
Code:
function csrf_verify() {
$controller = $this->router->fetch_class();
$method = $this->router->fetch_method();
$csrf_exclusions = config_item('csfr_exclusions');
if(array_key_exists($controller, $csrf_exclusions)) {
$excluded = (in_array($method,$csrf_exclusions[$controller])) ? TRUE : FALSE;
} else {
$excluded = FALSE;
}
if($excluded != TRUE) {
$this->security->csrf_verify();
}
}