Commit

update changelog and user guide
michalsn committed Sep 9, 2023
1 parent e25f256 commit 6e62f1f
Showing 2 changed files with 3 additions and 2 deletions.
4 changes: 2 additions & 2 deletions user_guide_src/source/changelogs/v4.4.2.rst
Expand Up @@ -18,14 +18,14 @@ Message Changes
Changes
*******

- **Security:** The presence of the CSRF token is now also checked in the raw body (not JSON format) for PUT, PATCH, and DELETE type of requests.

Deprecations
************

Bugs Fixed
**********

- **Security:** Fixed a bug where the CSRF token wasn't checked if we sent it in the raw body (not JSON format) for PUT, PATCH, and DELETE requests.

See the repo's
`CHANGELOG.md <https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md>`_
for a complete list of bugs fixed.
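
Review bot: The Bugs Fixed entry for the raw-body CSRF check says the token "wasn't checked" but not what happened to such PUT, PATCH, and DELETE requests before this release, so a reader cannot tell whether valid requests were being rejected or the check was being skipped; say which, and cross-reference the CSRF token order list in libraries/security. This rendering has lost the +/- markers and shows a Security entry under both Changes and Bugs Fixed, so also confirm that only one of the two remains after the change and the fix is not listed twice.
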
1 change: 1 addition & 0 deletions user_guide_src/source/libraries/security.rst
Expand Up @@ -204,6 +204,7 @@ The order of checking the availability of the CSRF token is as follows:
1. ``$_POST`` array
2. HTTP header
3. ``php://input`` (JSON request) - bear in mind that this approach is the slowest one since we have to decode JSON and then re-encode it
4. ``php://input`` (raw body) - for PUT, PATCH, and DELETE type of requests

*********************
Other Helpful Methods
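
Review bot: Item 4 of the token order list, "``php://input`` (raw body)", does not say how the raw body is parsed to find the token (the changelog only says "not JSON format"), so a client author cannot tell which body encoding is accepted; name the expected format and the field the token is read from. Since items 3 and 4 both read php://input, state whether the raw-body lookup runs only when the JSON lookup finds no token, and mark the item as new in v4.4.2 so readers on older releases do not rely on it.
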