From 162b1a9824deba1369d756eccc9535544452b479 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Mon, 8 Dec 2014 10:59:51 +0200
Subject: Fix 'Array to string conversion' notice in CSRF validation

Rel: #3398
---
 system/core/Security.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'system/core')

diff --git a/system/core/Security.php b/system/core/Security.php
index 6ed0f8d4f..8adc35676 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -977,8 +977,8 @@ class CI_Security {
 			// We don't necessarily want to regenerate it with
 			// each page load since a page could contain embedded
 			// sub-pages causing this feature to fail
-			if (isset($_COOKIE[$this->_csrf_cookie_name]) &&
-				preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1)
+			if (isset($_COOKIE[$this->_csrf_cookie_name]) && is_string($_COOKIE[$this->_csrf_cookie_name])
+				&& preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1)
 			{
 				return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];
 			}
-- 
cgit v1.2.3-24-g4f1b