Subversion-Projekte lars-tiefland.ci

Revision


Revision 1257 Revision 2049
Zeile 4... Zeile 4...
4
 *
4
 *
5
 * An open source application development framework for PHP
5
 * An open source application development framework for PHP
6
 *
6
 *
7
 * This content is released under the MIT License (MIT)
7
 * This content is released under the MIT License (MIT)
8
 *
8
 *
9
 * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
9
 * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
10
 *
10
 *
11
 * Permission is hereby granted, free of charge, to any person obtaining a copy
11
 * Permission is hereby granted, free of charge, to any person obtaining a copy
12
 * of this software and associated documentation files (the "Software"), to deal
12
 * of this software and associated documentation files (the "Software"), to deal
13
 * in the Software without restriction, including without limitation the rights
13
 * in the Software without restriction, including without limitation the rights
14
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
Zeile 27... Zeile 27...
27
 * THE SOFTWARE.
27
 * THE SOFTWARE.
28
 *
28
 *
29
 * @package	CodeIgniter
29
 * @package	CodeIgniter
30
 * @author	EllisLab Dev Team
30
 * @author	EllisLab Dev Team
31
 * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
31
 * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
32
 * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
32
 * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
33
 * @license	http://opensource.org/licenses/MIT	MIT License
33
 * @license	http://opensource.org/licenses/MIT	MIT License
34
 * @link	https://codeigniter.com
34
 * @link	https://codeigniter.com
35
 * @since	Version 1.0.0
35
 * @since	Version 1.0.0
36
 * @filesource
36
 * @filesource
37
 */
37
 */
Zeile 88... Zeile 88...
88
			$attributes .= ' accept-charset="'.strtolower(config_item('charset')).'"';
88
			$attributes .= ' accept-charset="'.strtolower(config_item('charset')).'"';
89
		}
89
		}
Zeile 90... Zeile 90...
90
 
90
 
Zeile 91... Zeile -...
91
		$form = '<form action="'.$action.'"'.$attributes.">\n";
-
 
92
 
-
 
93
		// Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
-
 
94
		if ($CI->config->item('csrf_protection') === TRUE && strpos($action, $CI->config->base_url()) !== FALSE && ! stripos($form, 'method="get"'))
-
 
95
		{
-
 
96
			$hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
-
 
97
		}
91
		$form = '<form action="'.$action.'"'.$attributes.">\n";
98
 
92
 
99
		if (is_array($hidden))
93
		if (is_array($hidden))
100
		{
94
		{
101
			foreach ($hidden as $name => $value)
95
			foreach ($hidden as $name => $value)
102
			{
96
			{
103
				$form .= '<input type="hidden" name="'.$name.'" value="'.html_escape($value).'" />'."\n";
97
				$form .= '<input type="hidden" name="'.$name.'" value="'.html_escape($value).'" />'."\n";
Zeile -... Zeile 98...
-
 
98
			}
-
 
99
		}
-
 
100
 
-
 
101
		// Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
-
 
102
		if ($CI->config->item('csrf_protection') === TRUE && strpos($action, $CI->config->base_url()) !== FALSE && ! stripos($form, 'method="get"'))
-
 
103
		{
-
 
104
			// Prepend/append random-length "white noise" around the CSRF
-
 
105
			// token input, as a form of protection against BREACH attacks
-
 
106
			if (FALSE !== ($noise = $CI->security->get_random_bytes(1)))
-
 
107
			{
-
 
108
				list(, $noise) = unpack('c', $noise);
-
 
109
			}
-
 
110
			else
-
 
111
			{
-
 
112
				$noise = mt_rand(-128, 127);
-
 
113
			}
-
 
114
 
-
 
115
			// Prepend if $noise has a negative value, append if positive, do nothing for zero
-
 
116
			$prepend = $append = '';
-
 
117
			if ($noise < 0)
-
 
118
			{
-
 
119
				$prepend = str_repeat(" ", abs($noise));
-
 
120
			}
-
 
121
			elseif ($noise > 0)
-
 
122
			{
-
 
123
				$append  = str_repeat(" ", $noise);
-
 
124
			}
-
 
125
 
-
 
126
			$form .= sprintf(
-
 
127
				'%s<input type="hidden" name="%s" value="%s" />%s%s',
-
 
128
				$prepend,
-
 
129
				$CI->security->get_csrf_token_name(),
-
 
130
				$CI->security->get_csrf_hash(),
-
 
131
				$append,
-
 
132
				"\n"
104
			}
133
			);
105
		}
134
		}
106
 
135
 
Zeile 107... Zeile 136...
107
		return $form;
136
		return $form;
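Review bot: The relocated CSRF condition at new line 102 still tests `strpos($action, $CI->config->base_url()) !== FALSE`, which is true whenever the base URL appears anywhere in `$action`, so a form whose action targets another host but carries the base URL in its path or query would still receive the token. Anchoring the match to the start, `strpos($action, $CI->config->base_url()) === 0`, matches the "leave it out for requests to external websites" intent of the comment, assuming `$action` is already absolute at this point (the enclosing function starts and ends outside the visible lines). The token input at new lines 126-133 is now built with `sprintf()`, so the token value no longer passes through `html_escape()` as it did when it was added to `$hidden`; passing `html_escape($CI->security->get_csrf_hash())` keeps the output encoding consistent with the loop above it. The random-length padding only adds noise to the compressed response length and can be averaged out over repeated responses, so the comment at new lines 104-105 would be more accurate if it described this as a partial BREACH mitigation.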