summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-05-17 10:55:43 +0200
committerAndrey Andreev <narf@bofh.bg>2012-05-17 10:55:43 +0200
commit9394f8040ee989e2dfeec42732bc06e52c5ee0c6 (patch)
tree4abbf8b47cb1acd956c9755cc4ad04ef983609cc /system/core
parente463c4d71c2fdcc224e70f7576582220ae64e3d7 (diff)
parent8f04c69fe65ddc2604425eaee811b50a909d905f (diff)
Merge pull request #1366 from aphofstede/2.1-stable
Check cookie against md5 regex. 2.1 stable CSRF injection security fix
Diffstat (limited to 'system/core')
-rwxr-xr-xsystem/core/Security.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index a3e227437..6f5ac1ed8 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -848,7 +848,7 @@ class CI_Security {
// each page load since a page could contain embedded
// sub-pages causing this feature to fail
if (isset($_COOKIE[$this->_csrf_cookie_name]) &&
- $_COOKIE[$this->_csrf_cookie_name] != '')
+ preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1)
{
return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];
}