Fix 'Array to string conversion' notice in CSRF validation Rel: #3398

commit: 162b1a9824deba1369d756eccc9535544452b479 [log] [tgz]
author: Andrey Andreev <narf@devilix.net> Mon Dec 08 10:59:51 2014 +0200
committer: Andrey Andreev <narf@devilix.net> Mon Dec 08 10:59:51 2014 +0200
tree: 788fbd9c59843d52131eb7f275a3f7645fa83180
parent: 3c0427e7dd11380692f9898d7cc04ba1b5a8491b [diff] [blame]
diff --git a/system/core/Security.php b/system/core/Security.php
index 6ed0f8d..8adc356 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php

@@ -977,8 +977,8 @@
 			// We don't necessarily want to regenerate it with
 			// each page load since a page could contain embedded
 			// sub-pages causing this feature to fail
-			if (isset($_COOKIE[$this->_csrf_cookie_name]) &&
-				preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1)
+			if (isset($_COOKIE[$this->_csrf_cookie_name]) && is_string($_COOKIE[$this->_csrf_cookie_name])
+				&& preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1)
 			{
 				return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];
 			}
commit	162b1a9824deba1369d756eccc9535544452b479	[log] [tgz]
author	Andrey Andreev <narf@devilix.net>	Mon Dec 08 10:59:51 2014 +0200
committer	Andrey Andreev <narf@devilix.net>	Mon Dec 08 10:59:51 2014 +0200
tree	788fbd9c59843d52131eb7f275a3f7645fa83180
parent	3c0427e7dd11380692f9898d7cc04ba1b5a8491b [diff] [blame]