Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge pull request #710 from johnnicely/2.1-stable

Changed form_open() to compare $action against base_url().
  • Loading branch information...
commit b9ad907ca50c5067f8eec1ccf77544cf62466b17 2 parents b8188f6 + 9a05d2b
@philsturgeon philsturgeon authored
Showing with 2 additions and 1 deletion.
  1. +1 −1  system/helpers/form_helper.php
  2. +1 −0  user_guide/changelog.html
View
2  system/helpers/form_helper.php
@@ -65,7 +65,7 @@ function form_open($action = '', $attributes = '', $hidden = array())
$form .= '>';
// Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
- if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->site_url()) === FALSE OR strpos($form, 'method="get"')))
+ if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->base_url()) === FALSE OR strpos($form, 'method="get"')))
{
$hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
}
View
1  user_guide/changelog.html
@@ -71,6 +71,7 @@
<h3>Bug fixes for 2.1.1</h3>
<ul>
<li>Fixed a bug (#697) - A wrong array key was used in the Upload library to check for mime-types.</li>
+ <li>Fixed a bug - form_open() compared $action against site_url() instead of base_url()</li>
</ul>
Please sign in to comment.
Something went wrong with that request. Please try again.