diff options
Diffstat (limited to 'system')
-rw-r--r-- | system/core/CodeIgniter.php | 2 | ||||
-rw-r--r-- | system/core/Input.php | 20 | ||||
-rw-r--r-- | system/core/Security.php | 9 |
3 files changed, 7 insertions, 24 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 410b9613b..977d1427d 100644 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -281,7 +281,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * Load the security class for xss and csrf support * ----------------------------------------------------- */ - $SEC =& load_class('Security', 'core'); + $SEC =& load_class('Security', 'core', $charset); /* * ------------------------------------------------------ diff --git a/system/core/Input.php b/system/core/Input.php index d881e253d..ab60e45c3 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -58,16 +58,6 @@ class CI_Input { protected $ip_address = FALSE; /** - * Enable CSRF flag - * - * Enables a CSRF cookie token to be set. - * Set automatically based on config setting. - * - * @var bool - */ - protected $_enable_csrf = FALSE; - - /** * List of all HTTP request headers * * @var array @@ -115,15 +105,7 @@ class CI_Input { */ public function __construct(CI_Security &$security) { - $this->_enable_csrf = (config_item('csrf_protection') === TRUE); - $this->security = $security; - - // CSRF Protection check - if ($this->_enable_csrf === TRUE && ! is_cli()) - { - $this->security->csrf_verify(); - } - + $this->security = $security; log_message('info', 'Input Class Initialized'); } diff --git a/system/core/Security.php b/system/core/Security.php index a80b52fd1..fb0ca3d4e 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -167,10 +167,12 @@ class CI_Security { * * @return void */ - public function __construct() + public function __construct($charset) { + $this->charset = $charset; + // Is CSRF protection enabled? - if (config_item('csrf_protection')) + if (config_item('csrf_protection') && ! is_cli()) { // CSRF config foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) @@ -189,10 +191,9 @@ class CI_Security { // Set the CSRF hash $this->_csrf_set_hash(); + $this->csrf_verify(); } - $this->charset = strtoupper(config_item('charset')); - log_message('info', 'Security Class Initialized'); } |