diff options
| author | Andrey Andreev <narf@devilix.net> | 2014-07-14 01:22:28 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2014-07-14 01:22:28 +0200 |
| commit | 466af6c937bb7402cafe4f6c1392df7ccc526953 (patch) | |
| tree | 42e92ab9eb34cc87bc6335f5578b2d7177daa84b | |
| parent | 35a7b44d6515e5ceae0151119a56904296a32ee5 (diff) | |
| parent | 2761ff49f406d43c749ea87f7d5ebd4e2b7c3197 (diff) | |
Merge pull request #3134 from kdazzle/patch-1
Return 403 instead of 500 if no CSRF token given
| -rwxr-xr-x | system/core/Security.php | 2 | ||||
| -rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index c4621d588..68e345c54 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -275,7 +275,7 @@ class CI_Security { */ public function csrf_show_error() { - show_error('The action you have requested is not allowed.'); + show_error('The action you have requested is not allowed.', 403); } // -------------------------------------------------------------------- diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index bcdb12feb..d2bb195b6 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -507,6 +507,7 @@ Release Date: Not Released - Added ``$config['csrf_regeneration']``, which makes token regeneration optional. - Added ``$config['csrf_exclude_uris']``, which allows you list URIs which will not have the CSRF validation methods run. - Modified method ``sanitize_filename()`` to read a public ``$filename_bad_chars`` property for getting the invalid characters list. + - Return status code of 403 instead of a 500 if CSRF protection is enabled but a token is missing from a request. - :doc:`Language Library <libraries/language>` changes include: |