authorAndrey Andreev <narf@devilix.net>2019-08-02 14:53:03 +0200
committerAndrey Andreev <narf@devilix.net>2019-08-02 14:53:03 +0200
commitba67b297d1e2baa281eed2cc7bf1fb16742cde87 (patch)
treef0cb98f139df271b26e6b1776496240b46a349b3 /system/core
parent3a42dcd943ee6dff5551b4da96c4102bdca63083 (diff)
[ci skip] Fix a CSRF-related bug
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Security.php1
1 files changed, 1 insertions, 0 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 883968e26..6a81faff1 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -228,6 +228,7 @@ class CI_Security {
// Check CSRF token validity, but don't error on mismatch just yet - we'll want to regenerate
$valid = isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name])
+ && is_string($_POST[$this->_csrf_token_name]) && is_string($_COOKIE[$this->_csrf_cookie_name])
&& hash_equals($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name]);
// We kill this since we're done and we don't want to pollute the _POST array
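Review bot: The `$valid` expression still accepts a pair of empty strings, because `isset()` and the added `is_string()` checks both pass for `''` and `hash_equals('', '')` returns true. Whether an empty cookie value can reach this line depends on code outside the hunk, so this is a hardening suggestion rather than a confirmed defect; adding `&& $_COOKIE[$this->_csrf_cookie_name] !== ''` ahead of the `hash_equals()` call would rule it out. A short comment such as `// is_string(): array-valued input must never reach hash_equals()` would also record why the new guard exists. The enclosing method begins and ends outside the hunk.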