diff options
author | Andrey Andreev <narf@devilix.net> | 2019-09-19 18:54:50 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2019-09-19 18:54:50 +0200 |
commit | 85817aa7abc1a877cc9e0e39dcda2a6811ecc1fd (patch) | |
tree | ca736243cb68029d7ebf95dfcc11ffb3f2bcae83 /system/core | |
parent | fdb85f52096460b2488a036cb6145861cc577da1 (diff) | |
parent | f4502e4ad6d8a595e472b85a5e0bc3f552b63306 (diff) |
Merge branch '3.1-stable' into develop
Conflicts resolved:
system/core/CodeIgniter.php
system/libraries/Cache/drivers/Cache_redis.php
system/libraries/Session/drivers/Session_redis_driver.php
user_guide_src/source/changelog.rst
user_guide_src/source/conf.py
user_guide_src/source/installation/downloads.rst
user_guide_src/source/installation/upgrading.rst
Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/Controller.php | 7 | ||||
-rw-r--r-- | system/core/Security.php | 1 |
2 files changed, 8 insertions, 0 deletions
diff --git a/system/core/Controller.php b/system/core/Controller.php index 2bb157802..e25b8472c 100644 --- a/system/core/Controller.php +++ b/system/core/Controller.php @@ -59,6 +59,13 @@ class CI_Controller { private static $instance; /** + * CI_Loader + * + * @var CI_Loader + */ + public $load; + + /** * Class constructor * * @return void diff --git a/system/core/Security.php b/system/core/Security.php index 27b4db69d..5edb67f4e 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -229,6 +229,7 @@ class CI_Security { // Check CSRF token validity, but don't error on mismatch just yet - we'll want to regenerate $valid = isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name]) + && is_string($_POST[$this->_csrf_token_name]) && is_string($_COOKIE[$this->_csrf_cookie_name]) && hash_equals($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name]); // We kill this since we're done and we don't want to pollute the _POST array |