CSRF Strange error suggestion

I have faced a problem with CSRF on real hosting, not on the local server. In order to allow multiple tabs with CodeIgniter CSRF, I have to disable:
$config['csrf_regenerate'] = FALSE;
Yeah, that problem is fixed, but another problem remains, and it is strange. Look at the code below:
<?php echo form_open(); ?>
    <small class="language-switcher" title="<?php echo ($this->session->userdata('camfone_lang') == 'en')? 'change to khmer' : 'change to english';?>">
    <?php
    // Show the button for the language that is not currently active
    echo ($this->session->userdata('camfone_lang') == 'en')
        ? '<button type="submit" name="kh_lang">ខ្មែរ</button>'
        : '<button type="submit" name="en_lang">English</button>';
    ?>
        <i class="fa fa-globe fa-lg" aria-hidden="true"></i>
    </small>
<?php echo form_close(); ?>

The form posts to itself, like domain-name.com. When I click the language change, it gives error 403.
In order to fix this strange error, I have to extend the Security class in the core folder:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Security extends CI_Security {
    public function __construct()
    {
        parent::__construct();
    }

    public function csrf_show_error()
    {
        // show_error('The action you have requested is not allowed.');  // default code
        // force redirect to the csrf_redirect function
        // this gives the user a useful message instructing them to login again
        // while the CSRF cookie is also refreshed to allow a new login
        header('Location: ' . htmlspecialchars($_SERVER['REQUEST_URI']), TRUE, 200);
    }
}


My suggestion: is it possible to set the default regenerate to FALSE,
and would it be good to apply the self-redirect in csrf_show_error for this strange error
in the next CI 3.x patch?

Thanks in advance.
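A hardened variant of the override above, as an added example that is not the poster's code or CodeIgniter's own: it assumes, as in CodeIgniter 3's CI_Security, that the stock csrf_show_error() ends the request through show_error() and that csrf_verify() carries on if the method simply returns. The helper name local_path() is hypothetical.

```php
<?php
// application/core/MY_Security.php (added example, assumptions noted inline)
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Security extends CI_Security {

    public function __construct()
    {
        parent::__construct();
    }

    /**
     * Called by csrf_verify() when the POSTed token does not match the
     * CSRF cookie. The stock method ends the request with a 403 page.
     */
    public function csrf_show_error()
    {
        $uri    = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
        $target = $this->local_path($uri);

        log_message('error', 'CSRF token mismatch, redirecting to '.$target);

        // 303 tells the browser to re-request the page with GET; on a GET
        // request CodeIgniter sets the CSRF cookie again, so the re-rendered
        // form carries a token that matches it.
        header('Location: '.$target, TRUE, 303);

        // Stop here. Assumption: if this method returns, csrf_verify()
        // returns as well and the controller handles the unverified POST,
        // which would switch CSRF protection off in practice.
        exit;
    }

    /**
     * Hypothetical helper: reduce the request URI to a same-site path so
     * the Location header cannot point at another host. The query string
     * is dropped, which is enough for a self-posting form.
     */
    protected function local_path($uri)
    {
        $path = (string) parse_url($uri, PHP_URL_PATH);
        // Remove control characters, then collapse leading slashes and
        // backslashes ("//host" would be read as a protocol-relative URL).
        $path = preg_replace('/[\x00-\x1F\x7F]/', '', $path);
        return '/'.ltrim($path, '/\\');
    }
}
```

The rejected POST is never applied here; the user lands back on the page and has to submit the form again with the fresh token.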
