authorAndrey Andreev <narf@bofh.bg>2012-10-08 09:47:22 +0200
committerAndrey Andreev <narf@bofh.bg>2012-10-08 09:47:22 +0200
commit8f8436080ed60dbd680f2792d475bbed944df78c (patch)
treeadfe867287a0085238f819dc3a4c809b718078b0
parent05b3877a792caa23cb4503a976b8c85dec47335f (diff)
Fix issue #1715
-rwxr-xr-xsystem/core/Input.php8
-rw-r--r--user_guide/changelog.html1
2 files changed, 5 insertions, 4 deletions
diff --git a/system/core/Input.php b/system/core/Input.php
index fa26777a1..218eed3d7 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -641,8 +641,8 @@ class CI_Input {
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
- // CSRF Protection check
- if ($this->_enable_csrf == TRUE)
+ // CSRF Protection check on HTTP requests
+ if ($this->_enable_csrf == TRUE && $this->is_cli_request())
{
$this->security->csrf_verify();
}
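Review bot: The condition added on the `if` line is inverted: `$this->_enable_csrf == TRUE && $this->is_cli_request()` calls `csrf_verify()` only when the request comes from the command line and skips it for every HTTP request. That contradicts the new comment ("on HTTP requests") and the changelog entry, and it leaves CSRF verification off for web traffic even when `_enable_csrf` is set. The call needs to be negated: `if ($this->_enable_csrf == TRUE && ! $this->is_cli_request())`. A regression test that runs this path under a non-CLI SAPI and checks that `csrf_verify()` is reached would catch this. The enclosing method starts and ends outside the hunk.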
@@ -836,11 +836,11 @@ class CI_Input {
*
* Test to see if a request was made from the command line
*
- * @return boolean
+ * @return bool
*/
public function is_cli_request()
{
- return (php_sapi_name() == 'cli') or defined('STDIN');
+ return (php_sapi_name() === 'cli' OR defined('STDIN'));
}
}
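Review bot: The docblock of `is_cli_request()` should state that its result now decides whether CSRF verification runs, because the first hunk of this commit ties the `csrf_verify()` call to it. The `defined('STDIN')` fallback is true whenever any loaded code has defined a constant with that name, not only under the CLI SAPI, so the predicate must stay strict. A line such as `* NOTE: used to skip CSRF verification; must never return TRUE for a web request.` in the docblock would warn maintainers against loosening it. The docblock opens above the hunk.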
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 2923a6985..9a13add37 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -70,6 +70,7 @@ Change Log
<li>Fixed a bug (#907) - <a href="libraries/input.html">Input Library</a> ignored HTTP_X_CLUSTER_CLIENT_IP and HTTP_X_CLIENT_IP headers when checking for proxies.</li>
<li>Fixed a bug (#940) - <samp>csrf_verify()</samp> used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid.</li>
<li>Fixed a bug in the <a href="libraries/security.html">Security Library</a> where a CSRF cookie was created even if <samp>$config['csrf_protection']</samp> is set tot FALSE.</li>
+ <li>Fixed a bug (#1715) - <a href="libraries/input.html">Input Library</a> triggered <samp>csrf_verify()</samp> on CLI requests.</li>
</ul>
<h2>Version 2.1.2</h2>