diff options
| -rwxr-xr-x | system/core/Input.php | 8 | ||||
| -rw-r--r-- | user_guide/changelog.html | 1 |
2 files changed, 5 insertions, 4 deletions
diff --git a/system/core/Input.php b/system/core/Input.php index fa26777a1..218eed3d7 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -641,8 +641,8 @@ class CI_Input { $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); - // CSRF Protection check - if ($this->_enable_csrf == TRUE) + // CSRF Protection check on HTTP requests + if ($this->_enable_csrf == TRUE && $this->is_cli_request()) { $this->security->csrf_verify(); } @@ -836,11 +836,11 @@ class CI_Input { * * Test to see if a request was made from the command line * - * @return boolean + * @return bool */ public function is_cli_request() { - return (php_sapi_name() == 'cli') or defined('STDIN'); + return (php_sapi_name() === 'cli' OR defined('STDIN')); } } diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 2923a6985..9a13add37 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -70,6 +70,7 @@ Change Log <li>Fixed a bug (#907) - <a href="libraries/input.html">Input Library</a> ignored HTTP_X_CLUSTER_CLIENT_IP and HTTP_X_CLIENT_IP headers when checking for proxies.</li> <li>Fixed a bug (#940) - <samp>csrf_verify()</samp> used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid.</li> <li>Fixed a bug in the <a href="libraries/security.html">Security Library</a> where a CSRF cookie was created even if <samp>$config['csrf_protection']</samp> is set tot FALSE.</li> + <li>Fixed a bug (#1715) - <a href="libraries/input.html">Input Library</a> triggered <samp>csrf_verify()</samp> on CLI requests.</li> </ul> <h2>Version 2.1.2</h2> |