diff options
author | Andrey Andreev <narf@devilix.net> | 2017-01-10 12:16:14 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2017-01-10 12:16:14 +0100 |
commit | 27647c9a8b5cd5a0e1fd78123316f359fe61a672 (patch) | |
tree | e9e27e579a380ebcc449265460a47bf97013b1a4 /system/helpers | |
parent | 79fad9b16fca72f6c15913dd5296400f19136576 (diff) | |
parent | 8f9ab65270ae033c5637f8a7d26ae834e9a71d5e (diff) |
Merge branch '3.1-stable' into develop
Conflicts resolved:
system/core/CodeIgniter.php
system/database/drivers/sqlite/sqlite_driver.php
system/database/drivers/sqlite/sqlite_forge.php
system/database/drivers/sqlite/sqlite_result.php
system/database/drivers/sqlite/sqlite_utility.php
system/helpers/email_helper.php
system/helpers/smiley_helper.php
system/libraries/Cart.php
system/libraries/Email.php
system/libraries/Image_lib.php
system/libraries/Javascript.php
system/libraries/Javascript/Jquery.php
system/libraries/Session/SessionHandlerInterface.php
user_guide_src/source/changelog.rst
user_guide_src/source/installation/downloads.rst
user_guide_src/source/installation/upgrading.rst
Diffstat (limited to 'system/helpers')
-rw-r--r-- | system/helpers/form_helper.php | 41 |
1 files changed, 35 insertions, 6 deletions
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index 9844c752a..4a4a7c89f 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -90,12 +90,6 @@ if ( ! function_exists('form_open')) $form = '<form action="'.$action.'"'.$attributes.">\n"; - // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites - if ($CI->config->item('csrf_protection') === TRUE && strpos($action, $CI->config->base_url()) !== FALSE && ! stripos($form, 'method="get"')) - { - $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash(); - } - if (is_array($hidden)) { foreach ($hidden as $name => $value) @@ -104,6 +98,41 @@ if ( ! function_exists('form_open')) } } + // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites + if ($CI->config->item('csrf_protection') === TRUE && strpos($action, $CI->config->base_url()) !== FALSE && ! stripos($form, 'method="get"')) + { + // Prepend/append random-length "white noise" around the CSRF + // token input, as a form of protection against BREACH attacks + if (FALSE !== ($noise = $CI->security->get_random_bytes(1))) + { + list(, $noise) = unpack('c', $noise); + } + else + { + $noise = mt_rand(-128, 127); + } + + // Prepend if $noise has a negative value, append if positive, do nothing for zero + $prepend = $append = ''; + if ($noise < 0) + { + $prepend = str_repeat(" ", abs($noise)); + } + elseif ($noise > 0) + { + $append = str_repeat(" ", $noise); + } + + $form .= sprintf( + '%s<input type="hidden" name="%s" value="%s" />%s%s', + $prepend, + $CI->security->get_csrf_token_name(), + $CI->security->get_csrf_hash(), + $append, + "\n" + ); + } + return $form; } } |