A quick intro to CodeIgniter 2 CSRF protection
I know this might sound dumb, but I’m wondering if this protection alters the value of the hidden input when you try to recover it by post.
Here’s a quick example to show you what the protection does.
If I write:
<input type='hidden' name='1_Info".$kid_nb."' value='".$code."'>
It will output on the page:
<input type="hidden" value="0d3a7bb9f93f438dda1f605d2ac2cb7c" name="csrf_test_name">
Protection is good. But am I going to recover the right data when I use the POST method on that input? Moreover, the value of $code is CodeIgniter-encoded (using their library). Is it going to mess it up?
Finally, can I still reach that input, considering its name has been changed? I know this might sound dumb, since a good protection wouldn’t stop me from using my data, but it’s always better to ask, right?
Thanks, as usual. I’m merely a student.
I think there’s some confusion. CodeIgniter does NOT overwrite your variables: hidden or not. If you enable CSRF protection, the framework will ADD another hidden field and check that token on submission. You still have your variables in the form and can process them the same way you normally would.
I don’t see how
gets converted into
The latter would just get added to your list of form fields
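Added example, not part of the original thread and not CodeIgniter's own source: a simplified plain-PHP model of the check the answer describes, where a token field is appended to the form and compared against a cookie on submission while the author's own field passes through unchanged. The cookie name, the helper function names and the sample field name and value are assumptions constructed for illustration; only the field name csrf_test_name comes from the page.

```php
<?php
// Simplified model of an "extra hidden field + cookie" CSRF check.
// Illustration only; this is not CodeIgniter's implementation.
const TOKEN_FIELD  = 'csrf_test_name';   // field name shown on the page
const TOKEN_COOKIE = 'csrf_cookie_name'; // assumed cookie name

// Issue a random token and remember it in the (simulated) cookie jar.
function issue_token(array &$cookies) {
    $cookies[TOKEN_COOKIE] = bin2hex(random_bytes(16));
    return $cookies[TOKEN_COOKIE];
}

// Render the author's fields as written, then append the token field.
function render_form(array $fields, $token) {
    $html = "<form method=\"post\">\n";
    foreach ($fields as $name => $value) {
        $html .= sprintf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
            htmlspecialchars($name, ENT_QUOTES), htmlspecialchars($value, ENT_QUOTES));
    }
    $html .= sprintf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n", TOKEN_FIELD, $token);
    return $html . "</form>\n";
}

// On submission: refuse the request when the token is missing or does not
// match the cookie; otherwise drop the token and return the other fields.
function verify_and_strip(array $post, array $cookies) {
    if (!isset($post[TOKEN_FIELD], $cookies[TOKEN_COOKIE])
        || !is_string($post[TOKEN_FIELD])
        || !hash_equals($cookies[TOKEN_COOKIE], $post[TOKEN_FIELD])) {
        return null; // request refused
    }
    unset($post[TOKEN_FIELD]); // application code only sees its own fields
    return $post;
}

// Constructed sample data: one hidden field named after the page's pattern.
$cookies = array();
$token   = issue_token($cookies);
$fields  = array('1_Info3' => 'ZW5jb2RlZC1zYW1wbGU=');
echo render_form($fields, $token);

// Case 1: form submitted with the matching token; own field is unchanged.
var_dump(verify_and_strip($fields + array(TOKEN_FIELD => $token), $cookies) === $fields);
// Case 2: cross-site request that carries no token field.
var_dump(verify_and_strip($fields, $cookies));
// Case 3: request carrying a guessed token that does not match the cookie.
var_dump(verify_and_strip($fields + array(TOKEN_FIELD => str_repeat('0', 32)), $cookies));
```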