Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
532 views
in Technique[技术] by (71.8m points)

csrf protection - Codeigniter showing error when I try to resubmit form with csrf_protection set to true

My CI website has csrf protection.

$config['csrf_protection'] = TRUE;

So, when I resubmit form by refresh I am getting the following error.

The action you have requested is not allowed

Instead of showing this message, I want it to return to last page.

So, I try to override csrf_show_error() method by extending the CI_Security file.

This is my class located in application/core/My_Security.php

class MY_Security extends CI_Security {

    public function __construct()
    {
        parent::__construct();
        $this->load->library('user_agent');
    }

    public function csrf_show_error()
    {
        // show_error('The action you have requested is not allowed.');  // default code

        // force page "refresh" - redirect back to itself 
        // a page refresh restores the CSRF cookie      
        if ($this->agent->is_referral())
        {
            redirect(site_url());

        } else {            
            redirect($_SERVER['HTTP_REFERER']);         
        }        
    }
}

I am getting the following error

Call to a member function library() on a non-object

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Insted of changing the core classes, I extended the MY_Securtiy class in core folder of application. and redirecting to past page.

File Location: applicationcoreMY_Security.php

class MY_Security extends CI_Security {

    public function __construct()
    {
        parent::__construct();      
    }

    public function csrf_show_error()
    {
        header('Location: ' . htmlspecialchars($_SERVER['REQUEST_URI']), TRUE, 200);
    }
}

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...