CSRF Strange error suggestion

#1
I have faced a problem with CSRF on real hosting, not on the local server. In order to allow multiple tabs in CodeIgniter, CSRF has to be disabled:
Code:
$config['csrf_regenerate'] = FALSE;
Yes, that problem is fixed, but another problem remains, and it is strange. Look at the code below:
Code:
<?php echo form_open(); ?>
    <small class="language-switcher" title="<?php echo ($this->session->userdata('camfone_lang') == 'en')? 'change to khmer' : 'change to english';?>">
        <?php
        echo ($this->session->userdata('camfone_lang') == 'en')
            ? '<button type="submit" name="kh_lang">ខ្មែរ</button>'
            : '<button type="submit" name="en_lang">English</button>';
        ?>

        <span>|</span>
        <i class="fa fa-globe fa-lg" aria-hidden="true"></i>
    </small>
<?php echo form_close(); ?>

The form posts to itself, like domain-name.com. When I click the language change, it gives a 403 error.
In order to fix this strange error, I have to extend the Security class in the core folder:
Code:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Security extends CI_Security {
    
    public function __construct()
    {
      parent::__construct();
    }
    
    public function csrf_show_error()
    {
        // show_error('The action you have requested is not allowed.');  // default code

        // force redirect to the csrf_redirect function
        // this gives the user a useful message instructing them to login again
        // while the CSRF cookie is also refreshed to allow a new login
        header('Location: ' . htmlspecialchars($_SERVER['REQUEST_URI']), TRUE, 200);
    }
}

?>

My suggestion: is it possible to set the default regenerate to FALSE,
and would it be good to apply this fix for the strange error, with a redirect to self in csrf_show_error,
for the next CI 3.x patch?

Thanks in advance.
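
A variant of the `csrf_show_error()` override above that keeps CSRF enforcement, as an added example that is not part of the original post or of CodeIgniter itself. A `Location` header sent with status 200 is not followed by browsers, and a `csrf_show_error()` that returns lets CodeIgniter 3 go on to handle the unverified POST, so this version answers with 303 and exits. The helper `local_redirect_target()` and the log message text are assumptions made for the example.

```php
<?php
// application/core/MY_Security.php (added example, not CodeIgniter's own code)
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Security extends CI_Security {

    /**
     * Called by CI_Security::csrf_verify() when the POSTed token does not
     * match the CSRF cookie. csrf_verify() has already re-sent the cookie
     * at this point, so the reloaded form carries a usable token.
     */
    public function csrf_show_error()
    {
        $uri    = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
        $target = $this->local_redirect_target($uri);

        // Leave a trace: repeated mismatches from one client deserve a look.
        log_message('error', 'CSRF token mismatch, POST rejected for '.$target);

        // 303 See Other makes the browser re-request the page with GET.
        header('Location: '.$target, TRUE, 303);

        // Stop here so no controller runs with the unverified POST data.
        exit;
    }

    /**
     * Hypothetical helper: reduce REQUEST_URI to a same-site path so the
     * redirect cannot point at another host (e.g. "//other.example/").
     */
    protected function local_redirect_target($uri)
    {
        // Keep only the path; scheme, host and query string are dropped.
        $path = (string) parse_url($uri, PHP_URL_PATH);

        // Remove control characters (header and log line safety).
        $path = preg_replace('/[\x00-\x1F\x7F]/', '', $path);

        // Force exactly one leading slash; "/\host" is read as "//host"
        // by some browsers, so leading backslashes are trimmed as well.
        return '/'.ltrim($path, '/\\');
    }
}
```

With this override the rejected click is discarded and the user sees the same page again with a fresh token, instead of a 403 page.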