来源:自学PHP网 时间:2015-04-16 23:15 作者: 阅读:次
[导读] 首先我们看文档:http: codeigniter org cn user_guide libraries security html最后几行讲解到:跨站请求伪造(Cross-site request forgery,CSRF)打开你的application config config php文件,进行如下设置,...
首先我们看文档:http://codeigniter.org.cn/user_guide/libraries/security.html
/** * Form Declaration * * Creates the opening portion of the form. * * @access public * @param string the URI segments of the form destination * @param array a key/value pair of attributes * @param array a key/value pair hidden data * @return string */ if ( ! function_exists('form_open')) { function form_open($action = '', $attributes = '', $hidden = array()) { $CI =& get_instance(); if ($attributes == '') { $attributes = 'method="post"'; } // If an action is not a full URL then turn it into one if ($action && strpos($action, '://') === FALSE) { $action = $CI->config->site_url($action); } // If no action is provided then set to the current url $action OR $action = $CI->config->site_url($CI->uri->uri_string()); $form = '<form action="'.$action.'"'; $form .= _attributes_to_string($attributes, TRUE); $form .= '>'; // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->base_url()) === FALSE OR strpos($form, 'method="get"'))) { $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash(); } if (is_array($hidden) AND count($hidden) > 0) { $form .= sprintf("<div style=\"display:none\">%s</div>",form_hidden($hidden)); } return $form; } }
// Add CSRF field if enabled, but leave it out for GET requests and requests to external websites if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->base_url())=== FALSE OR strpos($form, 'method="get"'))) { $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash(); }
<?php if ($this->config->item('csrf_protection') === TRUE) { ?> <input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash(); ?>" /> <?php } ?>
$data['token'] = ''; if ($this->config->item('csrf_protection') === TRUE) { $data['token'] = '<input type="hidden" name="' . $this->security->get_csrf_token_name() .'" value="' . $this->security->get_csrf_hash() . '" />'; } $this->load->view('reg_index', $data);
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com