diff options
Diffstat (limited to 'system/core')
| -rw-r--r-- | system/core/Controller.php | 7 | ||||
| -rw-r--r-- | system/core/Security.php | 1 |
2 files changed, 8 insertions, 0 deletions
diff --git a/system/core/Controller.php b/system/core/Controller.php index 2bb157802..e25b8472c 100644 --- a/system/core/Controller.php +++ b/system/core/Controller.php @@ -59,6 +59,13 @@ class CI_Controller { private static $instance; /** + * CI_Loader + * + * @var CI_Loader + */ + public $load; + + /** * Class constructor * * @return void diff --git a/system/core/Security.php b/system/core/Security.php index 27b4db69d..5edb67f4e 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -229,6 +229,7 @@ class CI_Security { // Check CSRF token validity, but don't error on mismatch just yet - we'll want to regenerate $valid = isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name]) + && is_string($_POST[$this->_csrf_token_name]) && is_string($_COOKIE[$this->_csrf_cookie_name]) && hash_equals($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name]); // We kill this since we're done and we don't want to pollute the _POST array |