User Guide Security class missing get_csrf_token_name(), get_csrf_hash() #715

Closed
tomcode opened this Issue Nov 28, 2011 · 7 comments

Comments

Projects
None yet
5 participants
Contributor

tomcode commented Nov 28, 2011

The methods get_csrf_hash() and get_csrf_token_name() of the Security class are not documented in the User Guide, neither in the current version (2.1) nor here in the develop branch.

Hi - just looked through the user guide and the source and these functions are not documented, nor are several others from the security class - however they are all internal functions. Do you use these two for your own processing? As I see it, they don't need documentation in the user guide since they are not used other than by the security class itself?

Let me know - I'll update and send a pull request if you have a case for users to access them directly.

Contributor

tomcode commented Jan 31, 2012

No, currently I do not use them. The project was abandoned. I was evaluating how to secure Ajax requests when I stumbled over them, they are used in the form_helper open_form() method. It looks like they could be useful for these cases.

OK no worries - thanks for getting back; I'll leave the user guide as is. No need to over complicate it!

Contributor

alexbilbie commented Mar 12, 2012

If you aren't using form_open() to echo out the CSRF token and want to implement your own solution for whatever reason - e.g. check it in an AJAX request or something, then the necessary functions aren't documented.

I'll submit a patch with updated documentation.

Contributor

tomcode commented Mar 12, 2012

Cool, thanks.

Lechus commented May 29, 2012

Did you submited the patch to update documentation?

Contributor

narfbg commented Oct 24, 2012

Fixed.

narfbg closed this Oct 24, 2012

@nonchip nonchip pushed a commit to nonchip/CodeIgniter that referenced this issue Jun 29, 2013

@narfbg narfbg [ci skip] Document get_csrf_token_name(), get_csrf_hash() (issue #715) ac06372
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment