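/**
 * Verify Cross Site Request Forgery Protection, except for controllers
 * listed in $this->ignored_controllers.
 *
 * The request is identified as "module/controller", built from the router's
 * resolved module and class. When that exact string is in the ignore list,
 * verification is skipped; every other request goes to the parent
 * implementation.
 *
 * Each entry exempts a whole controller from CSRF verification, so the list
 * should stay short and be reviewed whenever it changes.
 *
 * @return mixed The parent's return value, or NULL when verification is
 *               skipped.
 */
public function csrf_verify()
{
    global $RTR;

    // With no module this yields "/controller" (leading slash), so a bare
    // "controller" entry never matches and the request is still verified.
    $path = $RTR->fetch_module() . '/' . $RTR->fetch_class();

    // Strict comparison: a non-string entry (such as 0 or TRUE) left in the
    // list must not loosely equal every path and switch CSRF checks off
    // for the whole application.
    if (in_array($path, $this->ignored_controllers, TRUE))
    {
        return NULL;
    }

    // Hand back the parent's result so callers that chain on it keep working.
    return parent::csrf_verify();
}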
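/**
 * Verify Cross Site Request Forgery Protection
 *
 * Overrides the parent check so that controllers listed in
 * $this->ignored_controllers are exempt. Entries are matched against
 * "controller" for requests without a module and "module/controller"
 * otherwise, using the router's resolved module and class.
 *
 * Each entry exempts a whole controller from CSRF verification, so the list
 * should stay short and be reviewed whenever it changes.
 *
 * @return object $this when verification is skipped (to allow method
 *                chaining); otherwise the parent's return value.
 */
public function csrf_verify()
{
    // An empty ignore list means nothing is exempt: go straight to the parent.
    if ( ! empty($this->ignored_controllers))
    {
        global $RTR;

        $module = $RTR->fetch_module();
        $controller = $RTR->fetch_class();
        $path = empty($module) ? $controller : "{$module}/{$controller}";

        // Strict comparison: a non-string entry (such as 0 or TRUE) left in
        // the list must not loosely equal every path and switch CSRF checks
        // off for the whole application.
        if (in_array($path, $this->ignored_controllers, TRUE))
        {
            return $this;
        }
    }

    return parent::csrf_verify();
}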
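/**
 * Verify Cross Site Request Forgery Protection, except for requests whose
 * first path segment is 'home'.
 *
 * The segment is read from $_SERVER['REDIRECT_QUERY_STRING']. Verification
 * fails closed: when that variable is absent, or the first segment is
 * anything other than 'home', the parent check runs. (The previous version
 * skipped the parent check entirely whenever the variable was not set.)
 *
 * NOTE(review): REDIRECT_QUERY_STRING comes from the request as rewritten by
 * the web server, not from the router. Confirm that a first segment of
 * 'home' always resolves to the controller meant to be exempt (custom routes,
 * other rewrite rules), or key the exemption on the router's resolved class.
 *
 * @return mixed The parent's return value, or NULL when verification is
 *               skipped.
 */
public function csrf_verify()
{
    if (isset($_SERVER['REDIRECT_QUERY_STRING']))
    {
        $path_segments = explode('/', $_SERVER['REDIRECT_QUERY_STRING']);

        // explode() always yields at least one string element, so index 0
        // is safe; compare strictly against the single exempt segment.
        if ($path_segments[0] === 'home')
        {
            return;
        }
    }

    // Default path: every request that is not explicitly exempt is verified.
    return parent::csrf_verify();
}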
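/**
 * Verify Cross Site Request Forgery Protection.
 *
 * Overrides the parent check so that controllers listed in
 * $this->ignored_controllers are exempt. Entries are matched against
 * "controller" for requests without a module and "module/controller"
 * otherwise, using the router's resolved module and class. Every skipped
 * verification is written to the log at 'info' level so exemptions leave
 * an audit trail.
 *
 * Each entry exempts a whole controller from CSRF verification, so the list
 * should stay short and be reviewed whenever it changes.
 *
 * @return object $this when verification is skipped (to allow method
 *                chaining); otherwise the parent's return value.
 */
public function csrf_verify()
{
    // An empty ignore list means nothing is exempt: go straight to the parent.
    if ( ! empty($this->ignored_controllers))
    {
        global $RTR;

        $module = $RTR->fetch_module();
        $controller = $RTR->class;
        $path = empty($module) ? $controller : "{$module}/{$controller}";

        // Strict comparison: a non-string entry (such as 0 or TRUE) left in
        // the list must not loosely equal every path and switch CSRF checks
        // off for the whole application.
        if (in_array($path, $this->ignored_controllers, TRUE))
        {
            log_message('info', "CSRF verification skipped for '{$path}'");
            return $this;
        }
    }

    return parent::csrf_verify();
}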
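/**
 * Verify Cross Site Request Forgery Protection, except for URIs matched by
 * the 'csrf_excludes' config item.
 *
 * Each entry of 'csrf_excludes' is passed to preg_match() as a complete
 * pattern (delimiters included) and tested against the current URI string.
 * The first match skips verification. Anchor the patterns (^...$) so that an
 * exclusion cannot match more URIs than intended.
 *
 * A missing or non-array 'csrf_excludes' value is treated as "no exclusions",
 * so every request is verified. A pattern that fails to compile does not
 * match, which also leaves the request verified.
 *
 * @return void
 */
public function csrf_verify()
{
    $excludes = config_item('csrf_excludes');

    if (is_array($excludes) && ! empty($excludes))
    {
        // Resolve the URI string once rather than on every iteration.
        $uri = load_class('URI', 'core');
        $uri_string = $uri->uri_string();
        $cookie_name = $this->_csrf_cookie_name;

        foreach ($excludes as $exclude)
        {
            if (preg_match($exclude, $uri_string) > 0)
            {
                // still do input filtering to prevent parameter piggybacking in the form:
                // discard a CSRF cookie that is not a string of exactly 32 hex characters
                // (a non-string value, e.g. an array-style cookie, is discarded as well).
                if (isset($_COOKIE[$cookie_name])
                    && ( ! is_string($_COOKIE[$cookie_name])
                        || preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$cookie_name]) !== 1))
                {
                    unset($_COOKIE[$cookie_name]);
                }

                return;
            }
        }
    }

    // No exclusion matched: run the normal verification.
    parent::csrf_verify();
}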
/**
 * Class constructor
 *
 * Records whether CSRF protection is switched on in the config, loads the
 * core Security class, and runs CSRF verification when protection is on and
 * the request does not come from the command line.
 *
 * Only the boolean TRUE enables protection: any other 'csrf_protection'
 * value (a string, 1, NULL) leaves verification off.
 *
 * @return void
 */
public function __construct()
{
    $csrf_enabled = (config_item('csrf_protection') === TRUE);
    $this->_enable_csrf = $csrf_enabled;

    $this->security =& load_class('Security', 'core');

    // CSRF Protection check, skipped for command-line runs (is_cli()).
    if ($csrf_enabled && ! is_cli())
    {
        $this->security->csrf_verify();
    }

    log_message('info', 'Input Class Initialized');
}