From f795ab52dadaef20afd3a97ad4c8ed408e211dc2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 24 Oct 2012 21:28:25 +0300 Subject: [ci skip] Document get_csrf_token_name(), get_csrf_hash() (issue #715) --- system/core/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index 2fbc5b34c..d7c82712d 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -161,7 +161,7 @@ class CI_Security { } // Do the tokens exist in both the _POST and _COOKIE arrays? - if ( ! isset($_POST[$this->_csrf_token_name]) OR ! isset($_COOKIE[$this->_csrf_cookie_name]) + if ( ! isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name]) OR $_POST[$this->_csrf_token_name] !== $_COOKIE[$this->_csrf_cookie_name]) // Do the tokens match? { $this->csrf_show_error(); -- cgit v1.2.3-24-g4f1b