This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

CSRF Vulnerabilities and Code Igniter plugin

September 29, 2008 8:13pm

  • #16 / Jan 23, 2009 5:26pm

    TWP Marketing

    596 posts

    FIXED: the function getCSRFToken() is located outside of the class brackets in MY_Input.php and I “cleaned up” all the function brackets and missed where the class ended. My bad.
    —-
    Bill, I’m getting this error from your CSRF code

    Fatal error: Call to undefined function getCSRFToken() in W:\www\gfg\system\helpers\form_helper.php on line 64

    I’ve autoloaded the CI input library, which should have accessed your MY_Input library, which is installed in system/applications/libraries and the MY_ prefix is set in the config file.
    I’ve also loaded the ‘form_helper’ helper file, which is where the error points, but I have no idea why the function cannot be found.

    Any suggestions on why it is failing?

  • #17 / Jan 23, 2009 9:03pm

    Tom Schlick

    386 posts

    I see that this was posted in Sept. Has this been patched in the 1.7 version of CI?

  • #18 / Jan 25, 2009 2:39pm

    TWP Marketing

    596 posts

    trs21219,
    I’m not sure which post you are referring to. The reason I “cleaned up” the CSRF code in my copy was because the author uses the convention of NOT closing the function brackets, which is legal in PHP, if there is another function call or the end of the file following the ‘missing’ bracket. I don’t subscribe to this practice as it is slightly more difficult to read.

    If you are referring to the date of the first post in this thread, I don’t think there has been an update. I downloaded my copy two days ago and have installed it. Whether it works or not remains to be tested, pending the rest of my coding. Perhaps someone else can address the previous poster’s request for changes?

  • #19 / Feb 08, 2009 11:44pm

    BIll Zeller

    1 posts

    TWP Marketing: I definitely do not use the convention of not closing function brackets, although this may have happened unintentionally. Can you point me to the unclosed bracket?

  • #20 / Feb 09, 2009 2:27pm

    TWP Marketing

    596 posts

    Bill, Sorry for the confusion, it is on my part.  When I “cleaned up” the code, I also re-tabbed the formatting to suit my taste and I think I removed your closing brackets, probably because I missed the fact that the final function was outside the class declaration.  Again, it was my mistake, not yours, your code is fine.
    TWP

  • #21 / Mar 16, 2009 8:43pm

    helphelp

    14 posts

    Thanks a lot.
    That’s what I am looking for.
    Works great!

    Btw, how can I test my site to ensure it is 100% working?

    Thanks

  • #22 / Mar 16, 2009 10:29pm

    Thorpe Obazee

    1138 posts

    Go to your browser and browse it?
