示例#1
 /**
  * Override csrf_verify so that the module/controller pairs listed in
  * $this->ignored_controllers are exempted from CSRF verification.
  *
  */
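 public function csrf_verify()
 {
     // The router global reports the module and controller serving this
     // request; "module/controller" is the key looked up in the exemption list.
     global $RTR;
     $route = $RTR->fetch_module() . '/' . $RTR->fetch_class();

     // Each entry in ignored_controllers switches CSRF protection off for a
     // whole controller, so the lookup is strict: a non-string entry such as
     // TRUE or 0 must never loosely compare equal to a route and exempt it by
     // accident. A list that is not an array exempts nothing.
     $exempt = is_array($this->ignored_controllers)
         && in_array($route, $this->ignored_controllers, TRUE);

     // NOTE(review): the parent's return value is discarded here, as before;
     // confirm that no caller chains on the result of csrf_verify().
     if (!$exempt) {
         parent::csrf_verify();
     }
 }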
 /**
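  * @param object $object     Model instance whose set<FieldName>() methods receive the values (passed by reference)
  * @param array  $fieldNames Property names of $this->ModelName to populate from the POST data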
  */
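 protected function setStringDataFromPost(&$object, $fieldNames)
 {
     // Nothing to copy without a model class name and a non-empty field list.
     if (!isset($this->ModelName) || $this->ModelName === '') {
         return;
     }
     if (!is_array($fieldNames) || count($fieldNames) === 0) {
         return;
     }
     // The class lookup does not depend on the field, so do it once up front.
     if (!class_exists($this->ModelName)) {
         return;
     }

     foreach ($fieldNames as $fieldName) {
         // Only names that are real properties of the model may select a
         // setter; this keeps the dynamic method call below on a fixed set.
         if (!property_exists($this->ModelName, $fieldName)) {
             continue;
         }

         // The POST key is the lower-cased property name.
         $raw = $this->input->post(strtolower($fieldName));

         // A POST parameter can arrive as an array. This method handles
         // string data only, so such a value is ignored rather than handed to
         // addslashes(), which accepts strings.
         if (is_array($raw)) {
             continue;
         }

         // NOTE(review): addslashes() is not a database escaping function and
         // xss_clean() is not an output encoder. Whatever persists $object
         // should use bound parameters, and views should escape on output;
         // filtering here also changes the stored text (added backslashes).
         $value = addslashes($this->security->xss_clean($raw));
         $object->{'set' . $fieldName}($value);
     }
 }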
示例#3
 /**
  * Verify Cross Site Request Forgery Protection
  *
  * Override csrf_verify so that the controllers and module/controller pairs
  * listed in $this->ignored_controllers are exempted from verification.
  *
  * @return object   Returns $this to allow method chaining
  */
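 public function csrf_verify()
 {
     // Only consult the router when a usable exemption list is configured;
     // anything else (empty, or not an array) falls through to the parent check.
     if (!empty($this->ignored_controllers) && is_array($this->ignored_controllers)) {
         global $RTR;
         $module = $RTR->fetch_module();
         $controller = $RTR->fetch_class();

         // Controllers outside a module are listed by bare name, the rest as
         // "module/controller".
         $path = empty($module) ? $controller : "{$module}/{$controller}";

         // Strict lookup: an exemption disables CSRF protection for the whole
         // controller, so only an exact string match may grant it. A loose
         // comparison would let an entry such as TRUE match every route.
         if (in_array($path, $this->ignored_controllers, TRUE)) {
             return $this;
         }
     }

     return parent::csrf_verify();
 }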
示例#4
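 /**
  * Verify CSRF protection for every request except those whose first path
  * segment is "home".
  *
  * The path is read from $_SERVER['REDIRECT_QUERY_STRING']. When that variable
  * is absent the request is verified like any other: the exemption has to be
  * established positively, never assumed from missing data.
  */
 public function csrf_verify()
 {
     $exempt = FALSE;

     if (isset($_SERVER['REDIRECT_QUERY_STRING'])) {
         $path_segments = explode('/', $_SERVER['REDIRECT_QUERY_STRING']);
         // Exact match only, so no type juggling can widen the exemption.
         $exempt = ($path_segments[0] === 'home');
     }

     // NOTE(review): the exemption is decided from a request-derived server
     // variable rather than from the router. Confirm that this first segment
     // always names the controller that actually handles the request, or key
     // the exemption on the router's resolved class instead.
     if (!$exempt) {
         parent::csrf_verify();
     }
 }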
示例#5
 /**
  * Verify Cross Site Request Forgery Protection.
  *
  * Override csrf_verify so that the controllers and module/controller pairs
  * listed in $this->ignored_controllers are exempted, with each skip logged.
  *
  * @return object Returns $this to allow method chaining.
  */
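 public function csrf_verify()
 {
     // An empty or non-array exemption list exempts nothing.
     $ignored = $this->ignored_controllers;
     if (empty($ignored) || !is_array($ignored)) {
         return parent::csrf_verify();
     }

     global $RTR;
     $module = $RTR->fetch_module();
     $controller = $RTR->class;

     // Key format: "controller" outside a module, else "module/controller".
     $path = empty($module) ? $controller : "{$module}/{$controller}";

     // Strict lookup so that only an exact string entry can switch CSRF
     // protection off; loose comparison would let TRUE or 0 match a route.
     if (!in_array($path, $ignored, TRUE)) {
         return parent::csrf_verify();
     }

     // Each skip is logged, leaving a trace of which routes ran without
     // CSRF verification.
     log_message('info', "CSRF verification skipped for '{$path}'");
     return $this;
 }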
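 /**
  * Verify CSRF protection unless the request URI matches one of the regular
  * expressions in the 'csrf_excludes' config item.
  *
  * A missing or non-array config value excludes nothing. On an excluded URI
  * the CSRF cookie is still checked for shape and dropped when malformed.
  *
  * NOTE(review): each pattern is matched with preg_match() against the whole
  * URI string, so an unanchored pattern matches anywhere in it. Anchor every
  * entry (^...$) so that only the intended routes lose CSRF protection.
  */
 public function csrf_verify()
 {
     $excludes = config_item('csrf_excludes');

     if (is_array($excludes) && count($excludes) > 0) {
         // The URI string is the same for every pattern; resolve it once.
         $uri_string = load_class('URI', 'core')->uri_string();
         $cookie_name = $this->_csrf_cookie_name;

         foreach ($excludes as $exclude) {
             if (preg_match($exclude, $uri_string) > 0) {
                 // still do input filtering to prevent parameter piggybacking in the form
                 // A cookie that is not a string (it can arrive as an array)
                 // or is not 32 hex characters is discarded.
                 if (isset($_COOKIE[$cookie_name])
                     && (!is_string($_COOKIE[$cookie_name])
                         || preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$cookie_name]) !== 1)) {
                     unset($_COOKIE[$cookie_name]);
                 }
                 return;
             }
         }
     }

     parent::csrf_verify();
 }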
示例#7
 /**
  * Constructor.
  *
  * Adds no behaviour of its own; it only runs the parent class constructor.
  */
 public function __construct()
 {
     parent::__construct();
 }
示例#8
 /**
  * Constructor
  */
 public function __construct()
 {
     // Run the parent constructor before touching any state of our own.
     parent::__construct();
     // Keep a reference (not a copy) to whatever get_instance() returns,
     // reachable as $this->EE.
     // NOTE(review): presumably the framework's main instance; confirm
     // against get_instance().
     $this->EE =& get_instance();
 }
示例#9
 /**
  * Get Request Header
  *
  * Returns the value of a single member of the headers class member
  *
  * @param	string		$index		Header name
  * @param	bool		$xss_clean	Whether to apply XSS filtering
  * @return	string|null	The requested header on success or NULL on failure
  */
 public function get_request_header($index, $xss_clean = FALSE)
 {
     // Header map keyed by lower-cased name, built on the first call and kept
     // in a function-level static for the calls that follow.
     static $normalized;

     if (!isset($normalized)) {
         // Populate $this->headers first if nothing has been collected yet.
         if (empty($this->headers)) {
             $this->request_headers();
         }
         foreach ($this->headers as $name => $content) {
             $normalized[strtolower($name)] = $content;
         }
     }

     // Lookups ignore the case of the requested header name.
     $wanted = strtolower($index);
     if (!isset($normalized[$wanted])) {
         return NULL;
     }

     // Header values come from the client. Filtering is applied only when the
     // caller passes exactly TRUE; otherwise the raw value is returned.
     $found = $normalized[$wanted];
     if ($xss_clean === TRUE) {
         return $this->security->xss_clean($found);
     }

     return $found;
 }