ci框架如何手动进行csrf攻击防范

星期五, 2016-09-09 16:41 — adminshiping1

0.修改application/config/$config.php文件中

$config['csrf_protection'] = false;

1.修改system/core/Security.php文件注释掉

function __construct()其中的第一行代码如下

//if (config_item('csrf_protection') === TRUE)

2.手动使用

1>controller

public function index()

{

$data = new stdClass();

$data ->token_name = $this ->security->get_csrf_token_name();

$data ->token_hash = $this ->security->get_csrf_hash();

$this ->load->view( 'sec' , $data );

}

2>view文件

<!doctype html>

<html>

<head>

<meta charset= "utf-8" />

<title>security check!</title>

</head>

<body>

<form method= "post" action= "/index.php/sec/post" >

<label for = "user" >user</label>

<input id= "user" name= "user" value= "" />

<label for = "age" >age</label>

<input id= "age" name= "age" value= "" />

<input type= "submit" value= "提交" />

<input type= "hidden" name= "<?php echo $token_name; ?>" value= "<?php echo $token_hash; ?>" />

</form>

</body>

</html>

3>提交

public function post()

{

$this ->security->csrf_verify(); //csrf检查

var_dump( $_POST );

}

普通分类:

You are here