summaryrefslogtreecommitdiffstats
path: root/system/helpers/security_helper.php
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2017-09-09 16:05:22 +0200
committerFlorian Pritz <bluewind@xinu.at>2017-09-09 16:05:22 +0200
commit27639d64d06b62f237bbde253c46cd28fdce8884 (patch)
tree7a2f00cfd44cfcdfe6cb1abc1cfc0675632948c4 /system/helpers/security_helper.php
parent9c5bfbee5b42ea50a5611c537b8dbf01d7a64f79 (diff)
parent6c7a4266410070d30f8f6bcdf9c9e67f3d6478e3 (diff)
Merge tag '3.1.5' into dev-ci3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'system/helpers/security_helper.php')
-rw-r--r--system/helpers/security_helper.php143
1 files changed, 76 insertions, 67 deletions
diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php
index cfb1e9d2d..5e2970a5c 100644
--- a/system/helpers/security_helper.php
+++ b/system/helpers/security_helper.php
@@ -1,19 +1,41 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP
*
- * @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
- * @license http://codeigniter.com/user_guide/license.html
- * @link http://codeigniter.com
- * @since Version 1.0
+ * This content is released under the MIT License (MIT)
+ *
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @package CodeIgniter
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
+ * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
+ * @license http://opensource.org/licenses/MIT MIT License
+ * @link https://codeigniter.com
+ * @since Version 1.0.0
* @filesource
*/
-
-// ------------------------------------------------------------------------
+defined('BASEPATH') OR exit('No direct script access allowed');
/**
* CodeIgniter Security Helpers
@@ -21,108 +43,95 @@
* @package CodeIgniter
* @subpackage Helpers
* @category Helpers
- * @author ExpressionEngine Dev Team
- * @link http://codeigniter.com/user_guide/helpers/security_helper.html
+ * @author EllisLab Dev Team
+ * @link https://codeigniter.com/user_guide/helpers/security_helper.html
*/
// ------------------------------------------------------------------------
-/**
- * XSS Filtering
- *
- * @access public
- * @param string
- * @param bool whether or not the content is an image file
- * @return string
- */
if ( ! function_exists('xss_clean'))
{
+ /**
+ * XSS Filtering
+ *
+ * @param string
+ * @param bool whether or not the content is an image file
+ * @return string
+ */
function xss_clean($str, $is_image = FALSE)
{
- $CI =& get_instance();
- return $CI->security->xss_clean($str, $is_image);
+ return get_instance()->security->xss_clean($str, $is_image);
}
}
// ------------------------------------------------------------------------
-/**
- * Sanitize Filename
- *
- * @access public
- * @param string
- * @return string
- */
if ( ! function_exists('sanitize_filename'))
{
+ /**
+ * Sanitize Filename
+ *
+ * @param string
+ * @return string
+ */
function sanitize_filename($filename)
{
- $CI =& get_instance();
- return $CI->security->sanitize_filename($filename);
+ return get_instance()->security->sanitize_filename($filename);
}
}
// --------------------------------------------------------------------
-/**
- * Hash encode a string
- *
- * @access public
- * @param string
- * @return string
- */
if ( ! function_exists('do_hash'))
{
+ /**
+ * Hash encode a string
+ *
+ * @todo Remove in version 3.1+.
+ * @deprecated 3.0.0 Use PHP's native hash() instead.
+ * @param string $str
+ * @param string $type = 'sha1'
+ * @return string
+ */
function do_hash($str, $type = 'sha1')
{
- if ($type == 'sha1')
- {
- return sha1($str);
- }
- else
+ if ( ! in_array(strtolower($type), hash_algos()))
{
- return md5($str);
+ $type = 'md5';
}
+
+ return hash($type, $str);
}
}
// ------------------------------------------------------------------------
-/**
- * Strip Image Tags
- *
- * @access public
- * @param string
- * @return string
- */
if ( ! function_exists('strip_image_tags'))
{
+ /**
+ * Strip Image Tags
+ *
+ * @param string
+ * @return string
+ */
function strip_image_tags($str)
{
- $str = preg_replace("#<img\s+.*?src\s*=\s*[\"'](.+?)[\"'].*?\>#", "\\1", $str);
- $str = preg_replace("#<img\s+.*?src\s*=\s*(.+?).*?\>#", "\\1", $str);
-
- return $str;
+ return get_instance()->security->strip_image_tags($str);
}
}
// ------------------------------------------------------------------------
-/**
- * Convert PHP tags to entities
- *
- * @access public
- * @param string
- * @return string
- */
if ( ! function_exists('encode_php_tags'))
{
+ /**
+ * Convert PHP tags to entities
+ *
+ * @param string
+ * @return string
+ */
function encode_php_tags($str)
{
- return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
+ return str_replace(array('<?', '?>'), array('&lt;?', '?&gt;'), $str);
}
}
-
-
-/* End of file security_helper.php */
-/* Location: ./system/helpers/security_helper.php */ \ No newline at end of file