Fix issue #1715

commit 8f8436080ed60dbd680f2792d475bbed944df78c 1 parent 05b3877
Andrey Andreev narfbg authored
Showing with 5 additions and 4 deletions.
  1. +4 −4 system/core/Input.php
  2. +1 −0  user_guide/changelog.html
8 system/core/Input.php
@@ -641,8 +641,8 @@ function _sanitize_globals()
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
- // CSRF Protection check
- if ($this->_enable_csrf == TRUE)
+ // CSRF Protection check on HTTP requests
+ if ($this->_enable_csrf == TRUE && $this->is_cli_request())
M. Vugteveen
it-can added a note

should this not be: ! $this->is_cli_request() ?

Andrey Andreev Owner
narfbg added a note

Right ... better go get some coffee. :)
Thanks about this one, committed the fix.

{
$this->security->csrf_verify();
}
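Review bot: The condition on the added `if` line is inverted: `$this->_enable_csrf == TRUE && $this->is_cli_request()` calls `csrf_verify()` only for CLI requests and skips it for every HTTP request, which contradicts the updated comment ("on HTTP requests") and the changelog entry for #1715. As written, enabling CSRF protection has no effect on web traffic. Negate the call: `if ($this->_enable_csrf == TRUE && ! $this->is_cli_request())`.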
@@ -836,11 +836,11 @@ public function is_ajax_request()
*
* Test to see if a request was made from the command line
*
- * @return boolean
+ * @return bool
*/
public function is_cli_request()
{
- return (php_sapi_name() == 'cli') or defined('STDIN');
+ return (php_sapi_name() === 'cli' OR defined('STDIN'));
}
}
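Review bot: The docblock above `is_cli_request()` still says only "made from the command line", but the function also returns TRUE whenever `STDIN` is defined, and with this commit its result decides whether `csrf_verify()` runs in `_sanitize_globals()`. Document both conditions and the reason for the `defined('STDIN')` fallback, so that a later change to either one is reviewed as a change to when CSRF verification is skipped.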
1  user_guide/changelog.html
@@ -70,6 +70,7 @@
<li>Fixed a bug (#907) - <a href="libraries/input.html">Input Library</a> ignored HTTP_X_CLUSTER_CLIENT_IP and HTTP_X_CLIENT_IP headers when checking for proxies.</li>
<li>Fixed a bug (#940) - <samp>csrf_verify()</samp> used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid.</li>
<li>Fixed a bug in the <a href="libraries/security.html">Security Library</a> where a CSRF cookie was created even if <samp>$config['csrf_protection']</samp> is set tot FALSE.</li>
+ <li>Fixed a bug (#1715) - <a href="libraries/input.html">Input Library</a> triggered <samp>csrf_verify()</samp> on CLI requests.</li>
</ul>
<h2>Version 2.1.2</h2>
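Review bot: The context line directly above the added entry reads "is set tot FALSE"; since this list is being edited anyway, correct it to "set to FALSE" in the same change. The wording of the new #1715 entry itself is fine.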

3 comments on commit 8f84360

M. Vugteveen

Uuhm, the commit is not showing up when I fetch it... ?

Andrey Andreev
Owner

The commit is on 2.1-stable, you're most likely fetching from develop where it will be manually applied later.

M. Vugteveen

oooooww... you're right...
