From 5485db50775d4e2f76a593ef8b3425f6a1b90666 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Mon, 30 Aug 2010 21:31:08 -0500 Subject: Added fatal error to Session class when no encryption key is set in the config file, for additional assurance that session manipulation can be prevented --- system/libraries/Session.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'system/libraries/Session.php') diff --git a/system/libraries/Session.php b/system/libraries/Session.php index cf6dc96e3..f413c0d1b 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -65,6 +65,11 @@ class CI_Session { $this->$key = (isset($params[$key])) ? $params[$key] : $this->CI->config->item($key); } + if ($this->encryption_key == '') + { + show_error('In order to use the Session class you are required to set an encryption key in your config file.'); + } + // Load the string helper so we can use the strip_slashes() function $this->CI->load->helper('string'); -- cgit v1.2.3-24-g4f1b