From aeb2c3e532e78be9ac78ba6fd4a305b7be31d2ab Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 21 Aug 2011 16:14:54 +0100 Subject: Added new config parameter "csrf_exclude_uris" which allows for URIs to be whitelisted from CSRF verification. Fixes #149 --- application/config/config.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'application/config/config.php') diff --git a/application/config/config.php b/application/config/config.php index 1ec65435e..b64b11669 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -292,11 +292,13 @@ $config['global_xss_filtering'] = FALSE; | 'csrf_token_name' = The token name | 'csrf_cookie_name' = The cookie name | 'csrf_expire' = The number in seconds the token should expire. +| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks */ $config['csrf_protection'] = FALSE; $config['csrf_token_name'] = 'csrf_test_name'; $config['csrf_cookie_name'] = 'csrf_cookie_name'; $config['csrf_expire'] = 7200; +$config['csrf_exclude_uris'] = array(); /* |-------------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 8cc0cfe1ab1e10aad71d14e0b43e05444c00693d Mon Sep 17 00:00:00 2001 From: freewil Date: Sat, 27 Aug 2011 21:53:00 -0400 Subject: always use charset config item --- application/config/config.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'application/config/config.php') diff --git a/application/config/config.php b/application/config/config.php index 880393c29..a6d10d8dc 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -79,6 +79,8 @@ $config['language'] = 'english'; | This determines which character set is used by default in various methods | that require a character set to be provided. | +| See http://php.net/htmlspecialchars for a list of supported charsets. +| */ $config['charset'] = 'UTF-8'; -- cgit v1.2.3-24-g4f1b