commit aeb2c3e532e78be9ac78ba6fd4a305b7be31d2ab
author Alex Bilbie <alex.bilbie@gmail.com> Sun Aug 21 16:14:54 2011 +0100
committer Alex Bilbie <alex.bilbie@gmail.com> Sun Aug 21 16:14:54 2011 +0100
tree 91050bc3c6fb7cbcd26c96cc577e60571dedd1a1
parent a1a8ef711ec179a183a32f6cf4502ddc48782a84

Added new config parameter "csrf_exclude_uris" which allows for URIs to be whitelisted from CSRF verification. Fixes #149

system/core/Security.php

diff --git a/system/core/Security.php b/system/core/Security.php
index 3617cad..efd30eb 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -93,6 +93,16 @@
 		{
 			return $this->csrf_set_cookie();
 		}
+		
+		// Check if URI has been whitelisted from CSRF checks
+		if ($exclude_uris = config_item('csrf_exclude_uris'))
+		{
+			$uri = load_class('URI', 'core');
+			if (in_array($uri->uri_string(), $exclude_uris))
+			{
+				return $this;
+			}
+		}
 
 		// Do the tokens exist in both the _POST and _COOKIE arrays?
 		if ( ! isset($_POST[$this->_csrf_token_name]) OR 
@@ -116,7 +126,7 @@
 		$this->_csrf_set_hash();
 		$this->csrf_set_cookie();
 
-		log_message('debug', "CSRF token verified ");
+		log_message('debug', "CSRF token verified");
 		
 		return $this;
 	}