authorPascal Kriete <pascal@pascalkriete.com>2011-08-12 18:54:13 +0200
committerPascal Kriete <pascal@pascalkriete.com>2011-08-12 18:54:13 +0200
commitc4f024641ab69ed9cce62a2864e47e060b81048b (patch)
treea4de86c0c6e95e6042ce66e84bdcd0c18c51d643 /system/helpers/form_helper.php
parentabccc2fa65eea5f64773952661a8ba79e559333b (diff)
parentb0eae5f81a4cb92911bb215ad814ae5caef4f61d (diff)
Merging - fingers crossed
Conflicts: system/database/drivers/mysql/mysql_driver.php system/database/drivers/mysqli/mysqli_driver.php system/libraries/Email.php user_guide/changelog.html user_guide/database/configuration.html user_guide/helpers/url_helper.html user_guide/libraries/cart.html user_guide/libraries/form_validation.html
Diffstat (limited to 'system/helpers/form_helper.php')
-rw-r--r--system/helpers/form_helper.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 2925d3c7c..5720a06ec 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -64,8 +64,8 @@ if ( ! function_exists('form_open'))
$form .= '>';
- // CSRF
- if ($CI->config->item('csrf_protection') === TRUE)
+ // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
+ if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->site_url()) === FALSE OR strpos($form, 'method="get"')))
{
$hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
}
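Review bot: The external-site test in the new condition is a substring match rather than a prefix match: `strpos($action, $CI->config->site_url()) === FALSE` treats any action that merely contains the site URL (for example in its query string or path) as internal, so the CSRF hash would still be written into a form that submits to another host. The GET test `strpos($form, 'method="get"')` is case- and quote-sensitive, so a form declared with `method="GET"` or single quotes keeps the hidden field and the token ends up in the URL, where it can reach logs and Referer headers. I would anchor the first check and make the second case-insensitive with an explicit comparison: `if ($CI->config->item('csrf_protection') === TRUE AND strpos($action, $CI->config->site_url()) === 0 AND stripos($form, 'method="get"') === FALSE)`. How `$action` and the attribute string are normalised happens earlier in form_open, outside this hunk, so confirm the prefix form matches what site_url() returns there.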