diff options
| author | Andrey Andreev <narf@bofh.bg> | 2012-01-08 04:19:53 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@bofh.bg> | 2012-01-08 04:19:53 +0100 |
| commit | bf70d6245046d743573c604aeda3280870e19e41 (patch) | |
| tree | 63e5dd015b2121bc547ed2ecadbb80dfda3cfb3d /system/core/Security.php | |
| parent | bb488dc3d4bbac9ac9a1860f066069e4bb4afdcb (diff) | |
| parent | 352d60e9f3a65def29e02a4507ef742eac255333 (diff) | |
Merge remote-tracking branch 'upstream/develop' into develop-core-security
Diffstat (limited to 'system/core/Security.php')
| -rwxr-xr-x | system/core/Security.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index d0d3c0803..f09298bba 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -169,9 +169,14 @@ class CI_Security { // polute the _POST array unset($_POST[$this->_csrf_token_name]); - // Nothing should last forever - unset($_COOKIE[$this->_csrf_cookie_name]); - $this->_csrf_hash = ''; + // Regenerate on every submission? + if (config_item('csrf_regenerate')) + { + // Nothing should last forever + unset($_COOKIE[$this->_csrf_cookie_name]); + $this->_csrf_hash = ''; + } + $this->_csrf_set_hash(); $this->csrf_set_cookie(); |