author | Andrey Andreev <narf@devilix.net> | 2019-08-02 14:53:03 +0200 |
committer | Andrey Andreev <narf@devilix.net> | 2019-08-02 14:53:03 +0200 |
commit | ba67b297d1e2baa281eed2cc7bf1fb16742cde87 (patch) | |
tree | f0cb98f139df271b26e6b1776496240b46a349b3 | |
parent | 3a42dcd943ee6dff5551b4da96c4102bdca63083 (diff) |
[ci skip] Fix a CSRF-related bug
-rw-r--r-- | system/core/Security.php | 1 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 883968e26..6a81faff1 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -228,6 +228,7 @@ class CI_Security {
 // Check CSRF token validity, but don't error on mismatch just yet - we'll want to regenerate
 $valid = isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name])
+ && is_string($_POST[$this->_csrf_token_name]) && is_string($_COOKIE[$this->_csrf_cookie_name])
 && hash_equals($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name]);
 // We kill this since we're done and we don't want to pollute the _POST array
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 6d867048f..4db7ad538 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -28,6 +28,7 @@ Bug fixes for 3.1.11
 - Fixed a bug (#5774) - :doc:`Database Results <database/results>` method ``custom_result_object()`` didn't properly handle empty result sets, triggering ``E_WARNING`` messages on PHP 7.2+.
 - Fixed a bug (#5788) - :doc:`Database Results <database/results>` method ``field_data()`` triggered an ``E_NOTICE`` error with PDO when a field type is not recognized by PHP.
 - Fixed a bug (#5796) - :doc:`Query Builder <database/query_builder>` method ``list_tables()`` triggered an SQL syntax error under MySQL when the database schema is a numeric string.
+- Fixed a bug where :doc:`Security Class <libraries/security>` would trigger an ``E_WARNING`` if CSRF inputs are arrays instead of strings.
 Version 3.1.10
 ============== |
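Review bot: The added `is_string()` guards in the Security.php hunk carry no explanation, and the comment on the line above only covers the deferred-error behaviour, so a later reader may see them as redundant with `isset()` and drop them. I would extend that comment: `// hash_equals() expects strings: a token submitted as an array (e.g. name[]=...) makes it warn (TypeError on PHP 8) and return false, so reject non-strings explicitly before comparing`. As a point of style, the two new checks share one line while the rest of the `&&` chain keeps one condition per line; splitting them the same way keeps the chain readable. The enclosing method starts and ends outside the hunk.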