Permalink
Browse files

Merge pull request #710 from johnnicely/2.1-stable

Changed form_open() to compare $action against base_url().
  • Loading branch information...
2 parents b8188f6 + 9a05d2b commit b9ad907ca50c5067f8eec1ccf77544cf62466b17 Phil Sturgeon committed Nov 27, 2011
Showing with 2 additions and 1 deletion.
  1. +1 −1 system/helpers/form_helper.php
  2. +1 −0 user_guide/changelog.html
@@ -65,7 +65,7 @@ function form_open($action = '', $attributes = '', $hidden = array())
$form .= '>';
// Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
- if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->site_url()) === FALSE OR strpos($form, 'method="get"')))
+ if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->base_url()) === FALSE OR strpos($form, 'method="get"')))
{
$hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
}
@@ -71,6 +71,7 @@
<h3>Bug fixes for 2.1.1</h3>
<ul>
<li>Fixed a bug (#697) - A wrong array key was used in the Upload library to check for mime-types.</li>
+ <li>Fixed a bug - form_open() compared $action against site_url() instead of base_url()</li>
</ul>

0 comments on commit b9ad907

Please sign in to comment.