diff options
author | Florian Pritz <bluewind@xinu.at> | 2017-09-09 16:05:22 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2017-09-09 16:05:22 +0200 |
commit | 27639d64d06b62f237bbde253c46cd28fdce8884 (patch) | |
tree | 7a2f00cfd44cfcdfe6cb1abc1cfc0675632948c4 /system/helpers/security_helper.php | |
parent | 9c5bfbee5b42ea50a5611c537b8dbf01d7a64f79 (diff) | |
parent | 6c7a4266410070d30f8f6bcdf9c9e67f3d6478e3 (diff) |
Merge tag '3.1.5' into dev-ci3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'system/helpers/security_helper.php')
-rw-r--r-- | system/helpers/security_helper.php | 143 |
1 files changed, 76 insertions, 67 deletions
diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index cfb1e9d2d..5e2970a5c 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -1,19 +1,41 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP * - * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html - * @link http://codeigniter.com - * @since Version 1.0 + * This content is released under the MIT License (MIT) + * + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + * + * @package CodeIgniter + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) + * @license http://opensource.org/licenses/MIT MIT License + * @link https://codeigniter.com + * @since Version 1.0.0 * @filesource */ - -// ------------------------------------------------------------------------ +defined('BASEPATH') OR exit('No direct script access allowed'); /** * CodeIgniter Security Helpers @@ -21,108 +43,95 @@ * @package CodeIgniter * @subpackage Helpers * @category Helpers - * @author ExpressionEngine Dev Team - * @link http://codeigniter.com/user_guide/helpers/security_helper.html + * @author EllisLab Dev Team + * @link https://codeigniter.com/user_guide/helpers/security_helper.html */ // ------------------------------------------------------------------------ -/** - * XSS Filtering - * - * @access public - * @param string - * @param bool whether or not the content is an image file - * @return string - */ if ( ! function_exists('xss_clean')) { + /** + * XSS Filtering + * + * @param string + * @param bool whether or not the content is an image file + * @return string + */ function xss_clean($str, $is_image = FALSE) { - $CI =& get_instance(); - return $CI->security->xss_clean($str, $is_image); + return get_instance()->security->xss_clean($str, $is_image); } } // ------------------------------------------------------------------------ -/** - * Sanitize Filename - * - * @access public - * @param string - * @return string - */ if ( ! function_exists('sanitize_filename')) { + /** + * Sanitize Filename + * + * @param string + * @return string + */ function sanitize_filename($filename) { - $CI =& get_instance(); - return $CI->security->sanitize_filename($filename); + return get_instance()->security->sanitize_filename($filename); } } // -------------------------------------------------------------------- -/** - * Hash encode a string - * - * @access public - * @param string - * @return string - */ if ( ! function_exists('do_hash')) { + /** + * Hash encode a string + * + * @todo Remove in version 3.1+. + * @deprecated 3.0.0 Use PHP's native hash() instead. + * @param string $str + * @param string $type = 'sha1' + * @return string + */ function do_hash($str, $type = 'sha1') { - if ($type == 'sha1') - { - return sha1($str); - } - else + if ( ! in_array(strtolower($type), hash_algos())) { - return md5($str); + $type = 'md5'; } + + return hash($type, $str); } } // ------------------------------------------------------------------------ -/** - * Strip Image Tags - * - * @access public - * @param string - * @return string - */ if ( ! function_exists('strip_image_tags')) { + /** + * Strip Image Tags + * + * @param string + * @return string + */ function strip_image_tags($str) { - $str = preg_replace("#<img\s+.*?src\s*=\s*[\"'](.+?)[\"'].*?\>#", "\\1", $str); - $str = preg_replace("#<img\s+.*?src\s*=\s*(.+?).*?\>#", "\\1", $str); - - return $str; + return get_instance()->security->strip_image_tags($str); } } // ------------------------------------------------------------------------ -/** - * Convert PHP tags to entities - * - * @access public - * @param string - * @return string - */ if ( ! function_exists('encode_php_tags')) { + /** + * Convert PHP tags to entities + * + * @param string + * @return string + */ function encode_php_tags($str) { - return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('<?php', '<?PHP', '<?', '?>'), $str); + return str_replace(array('<?', '?>'), array('<?', '?>'), $str); } } - - -/* End of file security_helper.php */ -/* Location: ./system/helpers/security_helper.php */
\ No newline at end of file |