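/**
 * Verify Cross Site Request Forgery protection, except for controllers
 * listed in $this->ignored_controllers.
 *
 * The router's module and class are joined as "module/controller" and looked
 * up in the ignore list. Every entry in that list switches CSRF verification
 * off for the whole controller, so the list should stay short and contain
 * only endpoints that authenticate their requests some other way.
 *
 * @return mixed $this when verification is skipped, otherwise whatever
 *               parent::csrf_verify() returns
 */
public function csrf_verify()
{
    global $RTR;

    $path = $RTR->fetch_module() . '/' . $RTR->fetch_class();

    // Strict comparison on purpose: with a loose in_array() a non-string
    // entry such as TRUE compares equal to any path, which would silently
    // exempt every controller from CSRF verification.
    if (!empty($this->ignored_controllers)
        && is_array($this->ignored_controllers)
        && in_array($path, $this->ignored_controllers, TRUE)
    ) {
        return $this;
    }

    // Pass the parent's result through so callers can keep chaining.
    return parent::csrf_verify();
}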
/**
 * Copy POSTed string fields onto an object through its setters.
 *
 * For every name in $fieldNames that is a property of the class named by
 * $this->ModelName, the POST value stored under the lower-cased field name
 * is run through xss_clean() and addslashes() and then handed to
 * $object->set<FieldName>().
 *
 * NOTE(review): addslashes() is not a database escaping function; if these
 * values reach SQL, the query layer still has to bind or escape them. The
 * xss_clean() pass likewise does not replace escaping at output time.
 *
 * @param object $object     Receives the values via its set<FieldName>() methods
 * @param array  $fieldNames Property names to copy; anything else is ignored
 * @return void
 */
protected function setStringDataFromPost(&$object, $fieldNames)
{
    // Nothing to do without a usable model class name.
    if (!isset($this->ModelName) || is_null($this->ModelName) || $this->ModelName === '') {
        return;
    }

    // Only a non-empty array of field names is processed.
    if (!is_array($fieldNames) || count($fieldNames) === 0) {
        return;
    }

    foreach ($fieldNames as $name) {
        // Skip names that are not declared properties of the model class, so
        // only known fields ever reach a setter.
        if (!class_exists($this->ModelName) || !property_exists($this->ModelName, $name)) {
            continue;
        }

        $posted = $this->input->post(strtolower($name));
        $filtered = $this->security->xss_clean($posted);
        $setter = 'set' . $name;

        $object->{$setter}(addslashes($filtered));
    }
}
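/**
 * Verify Cross Site Request Forgery Protection
 *
 * Overrides csrf_verify() so that controllers (optionally prefixed with
 * their module) listed in $this->ignored_controllers are exempt from the
 * check. Each entry disables CSRF verification for a whole controller, so
 * the list should only name endpoints that are protected by other means.
 *
 * @return object Returns $this to allow method chaining
 */
public function csrf_verify()
{
    // An empty or non-array list means no exemptions: always verify.
    if (!empty($this->ignored_controllers) && is_array($this->ignored_controllers)) {
        global $RTR;

        $module = $RTR->fetch_module();
        $controller = $RTR->fetch_class();

        // Controllers outside a module are listed by class name alone.
        $path = empty($module) ? $controller : "{$module}/{$controller}";

        // Strict comparison: a loose in_array() lets a non-string entry such
        // as TRUE match every path and turn verification off globally.
        if (in_array($path, $this->ignored_controllers, TRUE)) {
            return $this;
        }
    }

    return parent::csrf_verify();
}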
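/**
 * Verify Cross Site Request Forgery protection, skipping it only when the
 * first segment of REDIRECT_QUERY_STRING is exactly "home".
 *
 * Verification is the default path. Previously the parent check ran only
 * inside the isset() branch, so a request for which the server did not set
 * REDIRECT_QUERY_STRING was never verified at all.
 *
 * NOTE(review): REDIRECT_QUERY_STRING is derived from the request, so the
 * exemption is decided from request data rather than from the controller
 * that is actually routed; consider keying the exemption on the router's
 * class instead.
 *
 * @return mixed $this when verification is skipped, otherwise whatever
 *               parent::csrf_verify() returns
 */
public function csrf_verify()
{
    if (isset($_SERVER['REDIRECT_QUERY_STRING']) && is_string($_SERVER['REDIRECT_QUERY_STRING'])) {
        $path_segments = explode('/', $_SERVER['REDIRECT_QUERY_STRING']);

        // Strict comparison so only the literal string "home" is exempt.
        if ($path_segments[0] === 'home') {
            return $this;
        }
    }

    // Fail closed: every other request goes through the parent check.
    return parent::csrf_verify();
}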
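/**
 * Verify Cross Site Request Forgery Protection.
 *
 * Overrides csrf_verify() so that controllers (optionally prefixed with
 * their module) listed in $this->ignored_controllers are exempt from the
 * check. Each skipped verification is written to the log at 'info' level so
 * exemptions stay visible when reviewing logs.
 *
 * @return object Returns $this to allow method chaining.
 */
public function csrf_verify()
{
    // An empty or non-array list means no exemptions: always verify.
    if (!empty($this->ignored_controllers) && is_array($this->ignored_controllers)) {
        global $RTR;

        $module = $RTR->fetch_module();
        $controller = $RTR->class;

        // Controllers outside a module are listed by class name alone.
        $path = empty($module) ? $controller : "{$module}/{$controller}";

        // Strict comparison: a loose in_array() lets a non-string entry such
        // as TRUE match every path and turn verification off globally.
        if (in_array($path, $this->ignored_controllers, TRUE)) {
            log_message('info', "CSRF verification skipped for '{$path}'");

            return $this;
        }
    }

    return parent::csrf_verify();
}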
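/**
 * Verify Cross Site Request Forgery protection unless the current URI
 * matches one of the regular expressions in the 'csrf_excludes' config item.
 *
 * Each pattern is handed to preg_match() as-is, so it must carry its own
 * delimiters. NOTE(review): patterns should be anchored (^...$) so that an
 * exclusion cannot match more URIs than intended.
 *
 * @return mixed $this when verification is skipped, otherwise whatever
 *               parent::csrf_verify() returns
 */
public function csrf_verify()
{
    $excludes = config_item('csrf_excludes');

    // A missing or malformed config item means "no exclusions", not an error.
    if (is_array($excludes) && count($excludes) > 0) {
        // The URI does not change between patterns, so resolve it once.
        $uri_string = load_class('URI', 'core')->uri_string();

        foreach ($excludes as $exclude) {
            if (preg_match($exclude, $uri_string) > 0) {
                // still do input filtering to prevent parameter piggybacking in the form:
                // drop a CSRF cookie that is not a 32-character hex string. A
                // non-string cookie (array syntax) is dropped as well instead
                // of being passed to preg_match().
                if (isset($_COOKIE[$this->_csrf_cookie_name])
                    && (!is_string($_COOKIE[$this->_csrf_cookie_name])
                        || preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) !== 1)
                ) {
                    unset($_COOKIE[$this->_csrf_cookie_name]);
                }

                return $this;
            }
        }
    }

    return parent::csrf_verify();
}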
/**
 * Constructor.
 *
 * Adds no behaviour of its own; it only runs the parent constructor.
 */
public function __construct()
{
    parent::__construct();
}
/**
 * Constructor.
 *
 * Runs the parent constructor, then binds $this->EE by reference to the
 * value returned by get_instance().
 */
public function __construct()
{
    parent::__construct();

    // Reference assignment, so $this->EE aliases the returned instance.
    $this->EE =& get_instance();
}
/**
 * Get Request Header
 *
 * Looks up one request header by name, ignoring case. The lower-cased header
 * map is built on first use and kept in a static variable for later calls.
 *
 * The value is returned unmodified unless $xss_clean is exactly TRUE; callers
 * still need to escape it for whatever context they output it in.
 *
 * @param string $index     Header name
 * @param bool   $xss_clean Whether to apply XSS filtering
 * @return string|null The requested header on success or NULL on failure
 */
public function get_request_header($index, $xss_clean = FALSE)
{
    static $lookup;

    if (!isset($lookup)) {
        // Populate $this->headers first if nothing has been read yet.
        if (empty($this->headers)) {
            $this->request_headers();
        }

        // Index by lower-cased name so lookups are case-insensitive.
        foreach ($this->headers as $name => $content) {
            $lookup[strtolower($name)] = $content;
        }
    }

    $wanted = strtolower($index);

    if (!isset($lookup[$wanted])) {
        return NULL;
    }

    // Filtering is opt-in and requires a strict boolean TRUE.
    if ($xss_clean === TRUE) {
        return $this->security->xss_clean($lookup[$wanted]);
    }

    return $lookup[$wanted];
}