diff options
| author | Andrey Andreev <narf@bofh.bg> | 2012-05-17 10:55:43 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@bofh.bg> | 2012-05-17 10:55:43 +0200 |
| commit | 9394f8040ee989e2dfeec42732bc06e52c5ee0c6 (patch) | |
| tree | 4abbf8b47cb1acd956c9755cc4ad04ef983609cc /system | |
| parent | e463c4d71c2fdcc224e70f7576582220ae64e3d7 (diff) | |
| parent | 8f04c69fe65ddc2604425eaee811b50a909d905f (diff) | |
Merge pull request #1366 from aphofstede/2.1-stable
Check cookie against md5 regex. 2.1 stable CSRF injection security fix
Diffstat (limited to 'system')
| -rwxr-xr-x | system/core/Security.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index a3e227437..6f5ac1ed8 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -848,7 +848,7 @@ class CI_Security { // each page load since a page could contain embedded // sub-pages causing this feature to fail if (isset($_COOKIE[$this->_csrf_cookie_name]) && - $_COOKIE[$this->_csrf_cookie_name] != '') + preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1) { return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name]; } |