diff options
Diffstat (limited to 'application/core')
-rw-r--r-- | application/core/MY_Controller.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php index 47dd6a899..63db6c8a5 100644 --- a/application/core/MY_Controller.php +++ b/application/core/MY_Controller.php @@ -79,7 +79,7 @@ class MY_Controller extends CI_Controller { private function _check_csrf_protection_required() { - if ($this->input->post("apikey") !== false || is_api_client()) { + if ($this->input->post("apikey") !== null || is_api_client()) { /* This relies on the authentication code always verifying the supplied * apikey. If the key is not verified/logged in an attacker could simply * add an empty "apikey" field to the CSRF form to circumvent the |