Merge branch '3.1-stable' into develop

Conflicts resolved: system/core/CodeIgniter.php system/libraries/Cache/drivers/Cache_redis.php system/libraries/Session/drivers/Session_redis_driver.php user_guide_src/source/changelog.rst user_guide_src/source/conf.py user_guide_src/source/installation/downloads.rst user_guide_src/source/installation/upgrading.rst
author: Andrey Andreev <narf@devilix.net> 2019-09-19 18:54:50 +0200
committer: Andrey Andreev <narf@devilix.net> 2019-09-19 18:54:50 +0200
commit: 85817aa7abc1a877cc9e0e39dcda2a6811ecc1fd (patch)
tree: ca736243cb68029d7ebf95dfcc11ffb3f2bcae83 /system/core/Security.php
parent: fdb85f52096460b2488a036cb6145861cc577da1 (diff)
parent: f4502e4ad6d8a595e472b85a5e0bc3f552b63306 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 27b4db69d..5edb67f4e 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -229,6 +229,7 @@ class CI_Security {
 
 		// Check CSRF token validity, but don't error on mismatch just yet - we'll want to regenerate
 		$valid = isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name])
+			&& is_string($_POST[$this->_csrf_token_name]) && is_string($_COOKIE[$this->_csrf_cookie_name])
 			&& hash_equals($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name]);
 
 		// We kill this since we're done and we don't want to pollute the _POST array
author	Andrey Andreev <narf@devilix.net>	2019-09-19 18:54:50 +0200
committer	Andrey Andreev <narf@devilix.net>	2019-09-19 18:54:50 +0200
commit	85817aa7abc1a877cc9e0e39dcda2a6811ecc1fd (patch)
tree	ca736243cb68029d7ebf95dfcc11ffb3f2bcae83 /system/core/Security.php
parent	fdb85f52096460b2488a036cb6145861cc577da1 (diff)
parent	f4502e4ad6d8a595e472b85a5e0bc3f552b63306 (diff)