Merge branch 'develop' of git://github.com/EllisLab/CodeIgniter into email

author: Timothy Warren <tim@timshomepage.net> 2012-05-21 14:38:57 +0200
committer: Timothy Warren <tim@timshomepage.net> 2012-05-21 14:38:57 +0200
commit: 4b5616d5dc6ce118a472333b59f23e6eaf735144 (patch)
tree: 45e8c1115e6eedd30575db77dfdd9c8864272c2b /system/core/Security.php
parent: 0ab28ced4d4f20d5857fae9ec0e20452d4ac181b (diff)
parent: 1d79efea47d26e0e567f919c648adf5b554f3ff0 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 81b6602ae..f953011eb 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -831,7 +831,7 @@ class CI_Security {
 			// each page load since a page could contain embedded
 			// sub-pages causing this feature to fail
 			if (isset($_COOKIE[$this->_csrf_cookie_name]) &&
-				$_COOKIE[$this->_csrf_cookie_name] != '')
+				preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1)
 			{
 				return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];
 			}
@@ -846,4 +846,4 @@ class CI_Security {
 }
 
 /* End of file Security.php */
-/* Location: ./system/core/Security.php */
-\ No newline at end of file
+/* Location: ./system/core/Security.php */
author	Timothy Warren <tim@timshomepage.net>	2012-05-21 14:38:57 +0200
committer	Timothy Warren <tim@timshomepage.net>	2012-05-21 14:38:57 +0200
commit	4b5616d5dc6ce118a472333b59f23e6eaf735144 (patch)
tree	45e8c1115e6eedd30575db77dfdd9c8864272c2b /system/core/Security.php
parent	0ab28ced4d4f20d5857fae9ec0e20452d4ac181b (diff)
parent	1d79efea47d26e0e567f919c648adf5b554f3ff0 (diff)