summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
Diffstat (limited to 'system/core')
-rw-r--r--system/core/CodeIgniter.php2
-rw-r--r--system/core/Input.php20
-rw-r--r--system/core/Security.php9
3 files changed, 7 insertions, 24 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 410b9613b..977d1427d 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -281,7 +281,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* Load the security class for xss and csrf support
* -----------------------------------------------------
*/
- $SEC =& load_class('Security', 'core');
+ $SEC =& load_class('Security', 'core', $charset);
/*
* ------------------------------------------------------
diff --git a/system/core/Input.php b/system/core/Input.php
index d881e253d..ab60e45c3 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -58,16 +58,6 @@ class CI_Input {
protected $ip_address = FALSE;
/**
- * Enable CSRF flag
- *
- * Enables a CSRF cookie token to be set.
- * Set automatically based on config setting.
- *
- * @var bool
- */
- protected $_enable_csrf = FALSE;
-
- /**
* List of all HTTP request headers
*
* @var array
@@ -115,15 +105,7 @@ class CI_Input {
*/
public function __construct(CI_Security &$security)
{
- $this->_enable_csrf = (config_item('csrf_protection') === TRUE);
- $this->security = $security;
-
- // CSRF Protection check
- if ($this->_enable_csrf === TRUE && ! is_cli())
- {
- $this->security->csrf_verify();
- }
-
+ $this->security = $security;
log_message('info', 'Input Class Initialized');
}
diff --git a/system/core/Security.php b/system/core/Security.php
index a80b52fd1..fb0ca3d4e 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -167,10 +167,12 @@ class CI_Security {
*
* @return void
*/
- public function __construct()
+ public function __construct($charset)
{
+ $this->charset = $charset;
+
// Is CSRF protection enabled?
- if (config_item('csrf_protection'))
+ if (config_item('csrf_protection') && ! is_cli())
{
// CSRF config
foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
@@ -189,10 +191,9 @@ class CI_Security {
// Set the CSRF hash
$this->_csrf_set_hash();
+ $this->csrf_verify();
}
- $this->charset = strtoupper(config_item('charset'));
-
log_message('info', 'Security Class Initialized');
}