Disable CSRF token regeneration for multipaste AJAX

If regeneration is on, the token is recreated after the first AJAX submit and subsequent ajax submits or normal form submits break. By disabling it here, we limit potential security issues to only this page, but it also only works if the user does not submit any other forms while they are on the AJAX page. Signed-off-by: Florian Pritz <bluewind@xinu.at>
author: Florian Pritz <bluewind@xinu.at> 2019-01-28 16:02:39 +0100
committer: Florian Pritz <bluewind@xinu.at> 2019-01-28 17:27:26 +0100
commit: b6cc01ee98cbd75f80434250beb0ab7d1f708644 (patch)
tree: a7527c851db9076e480d9b9fcd26e934887120e7 /application/core/MY_Controller.php
parent: 7d0557f9c79c130c4de0f8af810d0881d19c58d0 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php
index a3b6d15d7..250c9d95c 100644
--- a/application/core/MY_Controller.php
+++ b/application/core/MY_Controller.php
@@ -117,6 +117,11 @@ class MY_Controller extends CI_Controller {
 		// 2 functions for accessing config options, really?
 		$this->config->set_item('csrf_protection', true);
 		config_item("csrf_protection", true);
+
+		if ($this->uri->uri_string() == "file/multipaste/ajax_submit") {
+			$this->config->set_item('csrf_regenerate', false);
+		}
+
 		$this->security->__construct();
 		$this->security->csrf_verify();
 	}
author	Florian Pritz <bluewind@xinu.at>	2019-01-28 16:02:39 +0100
committer	Florian Pritz <bluewind@xinu.at>	2019-01-28 17:27:26 +0100
commit	b6cc01ee98cbd75f80434250beb0ab7d1f708644 (patch)
tree	a7527c851db9076e480d9b9fcd26e934887120e7 /application/core/MY_Controller.php
parent	7d0557f9c79c130c4de0f8af810d0881d19c58d0 (diff)