CSRF Security.php and config.php bug fix
#1

Agustín Villalba
In CI 2.0.3 I have found that there's a bug in system/core/Security.php which doesn't load the config variables from config.php regarding csrf_token_name and csrf_cookie_name.
This is the code from the development branch on GitHub that the CI development team has implemented, and I think it will be released in the next stable CI release.

Change the __construct() code in the file system/core/Security.php to fix the bug:
Code:
    // CSRF config
    foreach(array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
    {
        if (FALSE !== ($val = config_item($key)))
        {
            $this->{'_'.$key} = $val;
        }
    }

    // Append application specific cookie prefix
    if (config_item('cookie_prefix'))
    {
        $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name;
    }

    // Set the CSRF hash
    $this->_csrf_set_hash();

    log_message('debug', "Security Class Initialized");

I hope it helps you!
Regards!
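A stand-alone sketch of what the loop in the post changes, added here as an example that is not part of the original post or of CodeIgniter's code. The class `Security_sketch`, the stubbed `config_item()`, the default values and the sample config are all assumptions made for illustration.

```php
<?php
// Constructed stand-in for the values set in application/config/config.php.
$GLOBALS['sample_config'] = array(
    'csrf_token_name'  => 'my_token',
    'csrf_cookie_name' => 'my_cookie',
    'cookie_prefix'    => 'app1_',   // csrf_expire is deliberately left unset
);

// Stub for config_item(); assumed to return FALSE for a key that is not set.
function config_item($key)
{
    $cfg = $GLOBALS['sample_config'];
    return isset($cfg[$key]) ? $cfg[$key] : FALSE;
}

class Security_sketch   // hypothetical class, not CI_Security
{
    // Assumed built-in defaults, used when no config value is loaded.
    protected $_csrf_expire      = 7200;
    protected $_csrf_token_name  = 'ci_csrf_token';
    protected $_csrf_cookie_name = 'ci_csrf_token';

    public function __construct($load_config)
    {
        if ( ! $load_config) return;   // config is never read, as in the reported bug

        foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
        {
            if (FALSE !== ($val = config_item($key)))
            {
                $this->{'_'.$key} = $val;   // configured value replaces the default
            }
        }
        if (config_item('cookie_prefix'))
        {
            $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name;
        }
    }

    public function effective()
    {
        return array($this->_csrf_expire, $this->_csrf_token_name, $this->_csrf_cookie_name);
    }
}

// Without the loop the configured names are ignored; with it they take effect,
// and the unset csrf_expire keeps its default.
var_dump((new Security_sketch(FALSE))->effective());
var_dump((new Security_sketch(TRUE))->effective());
```

Because the check is `FALSE !== $val`, a key that is missing from the config leaves the built-in default in place instead of overwriting it with FALSE.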



