summaryrefslogtreecommitdiffstats
path: root/system/helpers/form_helper.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2017-01-10 12:16:14 +0100
committerAndrey Andreev <narf@devilix.net>2017-01-10 12:16:14 +0100
commit27647c9a8b5cd5a0e1fd78123316f359fe61a672 (patch)
treee9e27e579a380ebcc449265460a47bf97013b1a4 /system/helpers/form_helper.php
parent79fad9b16fca72f6c15913dd5296400f19136576 (diff)
parent8f9ab65270ae033c5637f8a7d26ae834e9a71d5e (diff)
Merge branch '3.1-stable' into develop
Conflicts resolved: system/core/CodeIgniter.php system/database/drivers/sqlite/sqlite_driver.php system/database/drivers/sqlite/sqlite_forge.php system/database/drivers/sqlite/sqlite_result.php system/database/drivers/sqlite/sqlite_utility.php system/helpers/email_helper.php system/helpers/smiley_helper.php system/libraries/Cart.php system/libraries/Email.php system/libraries/Image_lib.php system/libraries/Javascript.php system/libraries/Javascript/Jquery.php system/libraries/Session/SessionHandlerInterface.php user_guide_src/source/changelog.rst user_guide_src/source/installation/downloads.rst user_guide_src/source/installation/upgrading.rst
Diffstat (limited to 'system/helpers/form_helper.php')
-rw-r--r--system/helpers/form_helper.php41
1 files changed, 35 insertions, 6 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 9844c752a..4a4a7c89f 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -90,12 +90,6 @@ if ( ! function_exists('form_open'))
$form = '<form action="'.$action.'"'.$attributes.">\n";
- // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
- if ($CI->config->item('csrf_protection') === TRUE && strpos($action, $CI->config->base_url()) !== FALSE && ! stripos($form, 'method="get"'))
- {
- $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
- }
-
if (is_array($hidden))
{
foreach ($hidden as $name => $value)
@@ -104,6 +98,41 @@ if ( ! function_exists('form_open'))
}
}
+ // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
+ if ($CI->config->item('csrf_protection') === TRUE && strpos($action, $CI->config->base_url()) !== FALSE && ! stripos($form, 'method="get"'))
+ {
+ // Prepend/append random-length "white noise" around the CSRF
+ // token input, as a form of protection against BREACH attacks
+ if (FALSE !== ($noise = $CI->security->get_random_bytes(1)))
+ {
+ list(, $noise) = unpack('c', $noise);
+ }
+ else
+ {
+ $noise = mt_rand(-128, 127);
+ }
+
+ // Prepend if $noise has a negative value, append if positive, do nothing for zero
+ $prepend = $append = '';
+ if ($noise < 0)
+ {
+ $prepend = str_repeat(" ", abs($noise));
+ }
+ elseif ($noise > 0)
+ {
+ $append = str_repeat(" ", $noise);
+ }
+
+ $form .= sprintf(
+ '%s<input type="hidden" name="%s" value="%s" />%s%s',
+ $prepend,
+ $CI->security->get_csrf_token_name(),
+ $CI->security->get_csrf_hash(),
+ $append,
+ "\n"
+ );
+ }
+
return $form;
}
}