Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issue #499 #1087

Merged
merged 11 commits into from Mar 5, 2012
Merged

Fix issue #499 #1087

merged 11 commits into from Mar 5, 2012

Conversation

narfbg
Copy link
Contributor

@narfbg narfbg commented Feb 27, 2012

The Security class constructor used to initialize all CSRF-related properties and call _csrf_set_hash() regardless of $config['csrf_protection']'s value.

Also replaced an ! isset($var) OR ! $var expression with empty($var) and removed a few spaces on the way.

@narfbg narfbg mentioned this pull request Feb 27, 2012
Closed
it-can
it-can reviewed Feb 29, 2012
View reviewed changes
system/core/Security.php
@@ -189,7 +191,7 @@ public function csrf_set_cookie()
$expire = time() + $this->_csrf_expire;
$secure_cookie = (bool) config_item('cookie_secure');

if ($secure_cookie && ( ! isset($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] == 'off' OR ! $_SERVER['HTTPS']))
if ($secure_cookie && (empty($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] === 'off'))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it's an idea to declare a function that checks if HTTPS is true or false...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess some people might find it useful, but the check performed is way too simple.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I created a pull request for a is_https() function...

#1094

@narfbg narfbg mentioned this pull request Feb 29, 2012
Closed
narfbg added a commit that referenced this pull request Mar 5, 2012
@narfbg
Merge pull request #1087 from narfbg/develop-issue-499
e1ae17d 
Fix issue #499
@narfbg narfbg merged commit e1ae17d into bcit-ci:develop Mar 5, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@narfbg @it-can