summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
authorAlexander Hofstede <alexander@mobbr.com>2012-05-17 00:28:08 +0200
committerAlexander Hofstede <alexander@mobbr.com>2012-05-17 00:28:08 +0200
commite2c374fc474f91cc1c04aaae68e15cef6984f494 (patch)
tree1784d0c398b01d1d60a51d5345f14077b62bc602 /system/core
parent55ac2138482154c3aed7d6a6a2b6f196d0a04d9e (diff)
Check cookie against md5 regex.
Otherwise, cookie can contain arbitrary injected code that gets sent back directly to the browser.
Diffstat (limited to 'system/core')
-rwxr-xr-xsystem/core/Security.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index a3e227437..6f5ac1ed8 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -848,7 +848,7 @@ class CI_Security {
// each page load since a page could contain embedded
// sub-pages causing this feature to fail
if (isset($_COOKIE[$this->_csrf_cookie_name]) &&
- $_COOKIE[$this->_csrf_cookie_name] != '')
+ preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1)
{
return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];
}