diff options
author | Greg Aker <greg.aker@ellislab.com> | 2011-04-27 08:47:47 +0200 |
---|---|---|
committer | Greg Aker <greg.aker@ellislab.com> | 2011-04-27 08:47:47 +0200 |
commit | a6507905578f1cf209776ae3d53099a005a06823 (patch) | |
tree | 9f23bb557f920034cf65c86059c84e37efd34d79 /user_guide/libraries/input.html | |
parent | 60ef4ea72e169e174ff8dbb421609a178a3c0c48 (diff) | |
parent | 25d495b4a2598f771a858108a2cd2e96f0130412 (diff) |
merging in changes
Diffstat (limited to 'user_guide/libraries/input.html')
-rw-r--r-- | user_guide/libraries/input.html | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/user_guide/libraries/input.html b/user_guide/libraries/input.html index 08b8ab0d3..6070b6c48 100644 --- a/user_guide/libraries/input.html +++ b/user_guide/libraries/input.html @@ -70,20 +70,20 @@ Input Class <h2>Security Filtering</h2> -<p>The security filtering function is called automatically when a new <a href="../general/controllers.html">controller</a> is invoked. It does the following:</p> +<p>The security filtering function is called automatically when a new <a href="../general/controllers.html">controller</a> is invoked. It does the following:</p> <ul> -<li>Destroys the global GET array. Since CodeIgniter does not utilize GET strings, there is no reason to allow it.</li> +<li>Destroys the global GET array. Since CodeIgniter does not utilize GET strings, there is no reason to allow it.</li> <li>Destroys all global variables in the event register_globals is turned on.</li> <li>Filters the POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters.</li> -<li>Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request.</li> +<li>Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request.</li> <li>Standardizes newline characters to \n</li> </ul> <h2>XSS Filtering</h2> -<p>The Input class has the ability to filter input automatically to prevent cross-site scripting attacks. If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your +<p>The Input class has the ability to filter input automatically to prevent cross-site scripting attacks. If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your <kbd>application/config/config.php</kbd> file and setting this:</p> <code>$config['global_xss_filtering'] = TRUE;</code> @@ -93,9 +93,9 @@ Input Class <h2>Using POST, COOKIE, or SERVER Data</h2> -<p>CodeIgniter comes with three helper functions that let you fetch POST, COOKIE or SERVER items. The main advantage of using the provided +<p>CodeIgniter comes with three helper functions that let you fetch POST, COOKIE or SERVER items. The main advantage of using the provided functions rather than fetching an item directly ($_POST['something']) is that the functions will check to see if the item is set and -return false (boolean) if not. This lets you conveniently use data without having to test whether an item exists first. +return false (boolean) if not. This lets you conveniently use data without having to test whether an item exists first. In other words, normally you might do something like this:</p> <code> @@ -128,7 +128,7 @@ else<br /> <p>The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.</p> -<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> +<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> <code>$this->input->post('some_data', TRUE);</code> @@ -179,7 +179,7 @@ else<br /> <h2>$this->input->set_cookie()</h2> -<p>Sets a cookie containing the values you specify. There are two ways to pass information to this function so that a cookie can be set: +<p>Sets a cookie containing the values you specify. There are two ways to pass information to this function so that a cookie can be set: Array Method, and Discrete Parameters:</p> <h4>Array Method</h4> @@ -203,10 +203,10 @@ $this->input->set_cookie($cookie); <p>Only the name and value are required. To delete a cookie set it with the expiration blank.</p> -<p>The expiration is set in <strong>seconds</strong>, which will be added to the current time. Do not include the time, but rather only the -number of seconds from <em>now</em> that you wish the cookie to be valid. If the expiration is set to +<p>The expiration is set in <strong>seconds</strong>, which will be added to the current time. Do not include the time, but rather only the +number of seconds from <em>now</em> that you wish the cookie to be valid. If the expiration is set to zero the cookie will only last as long as the browser is open.</p> -<p>For site-wide cookies regardless of how your site is requested, add your URL to the <strong>domain</strong> starting with a period, like this: .your-domain.com</p> +<p>For site-wide cookies regardless of how your site is requested, add your URL to the <strong>domain</strong> starting with a period, like this: .your-domain.com</p> <p>The path is usually not needed since the function sets a root path.</p> <p>The prefix is only needed if you need to avoid name collisions with other identically named cookies for your server.</p> <p>The secure boolean is only needed if you want to make it a secure cookie by setting it to TRUE.</p> @@ -219,25 +219,25 @@ zero the cookie will only last as long as the browser is open.</p> <h2>$this->input->cookie()</h2> -<p>Lets you fetch a cookie. The first parameter will contain the name of the cookie you are looking for (including any prefixes):</p> +<p>Lets you fetch a cookie. The first parameter will contain the name of the cookie you are looking for (including any prefixes):</p> <code>cookie('some_cookie');</code> <p>The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.</p> -<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> +<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> <p><code>cookie('some_cookie', TRUE);</code></p> <h2>$this->input->ip_address()</h2> -<p>Returns the IP address for the current user. If the IP address is not valid, the function will return an IP of: 0.0.0.0</p> +<p>Returns the IP address for the current user. If the IP address is not valid, the function will return an IP of: 0.0.0.0</p> <code>echo $this->input->ip_address();</code> <h2>$this->input->valid_ip(<var>$ip</var>)</h2> -<p>Takes an IP address as input and returns TRUE or FALSE (boolean) if it is valid or not. Note: The $this->input->ip_address() function above +<p>Takes an IP address as input and returns TRUE or FALSE (boolean) if it is valid or not. Note: The $this->input->ip_address() function above validates the IP automatically.</p> <code>if ( ! $this->input->valid_ip($ip))<br /> @@ -256,7 +256,7 @@ else<br /> <p>See the <a href="user_agent.html">User Agent Class</a> for methods which extract information from the user agent string.</p> <h2>$this->input->request_headers()</h2> -<p>Useful if running in a non-Apache environment where <a href="http://php.net/apache_request_headers">apache_request_headers()</a> will not be supported. Returns an array of headers.</p> +<p>Useful if running in a non-Apache environment where <a href="http://php.net/apache_request_headers">apache_request_headers()</a> will not be supported. Returns an array of headers.</p> <code>$headers = $this->input->request_headers();</code> |