summaryrefslogtreecommitdiffstats
path: root/user_guide/libraries/security.html
diff options
context:
space:
mode:
authorGreg Aker <greg@gregaker.net>2011-08-20 18:58:58 +0200
committerGreg Aker <greg@gregaker.net>2011-08-20 18:58:58 +0200
commitabbad9ea53e81c6e3211029711ac5b2ab4f1978d (patch)
tree9a4d5a8587da1dd3a365251afa37be2f835a53c2 /user_guide/libraries/security.html
parent71644d683d0a15a6f7e04fabd0f51a4200d620b4 (diff)
parentd56be70257696d0bbf2dcc880888d8dc17cba21c (diff)
Merge branch 'develop' into feature/unit-tests
Conflicts: .hgignore
Diffstat (limited to 'user_guide/libraries/security.html')
-rw-r--r--user_guide/libraries/security.html10
1 files changed, 5 insertions, 5 deletions
diff --git a/user_guide/libraries/security.html b/user_guide/libraries/security.html
index 0cb1d0cb1..dd62a4386 100644
--- a/user_guide/libraries/security.html
+++ b/user_guide/libraries/security.html
@@ -28,7 +28,7 @@
<div id="masthead">
<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
<tr>
-<td><h1>CodeIgniter User Guide Version 2.0.2</h1></td>
+<td><h1>CodeIgniter User Guide Version 2.0.3</h1></td>
<td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
</tr>
</table>
@@ -63,11 +63,11 @@ Security Class
<h2>XSS Filtering</h2>
<p>CodeIgniter comes with a Cross Site Scripting Hack prevention filter which can either run automatically to filter
-all POST and COOKIE data that is encountered, or you can run it on a per item basis. By default it does <strong>not</strong>
+all POST and COOKIE data that is encountered, or you can run it on a per item basis. By default it does <strong>not</strong>
run globally since it requires a bit of processing overhead, and since you may not need it in all cases.</p>
<p>The XSS filter looks for commonly used techniques to trigger Javascript or other types of code that attempt to hijack cookies
-or do other malicious things. If anything disallowed is encountered it is rendered safe by converting the data to character entities.</p>
+or do other malicious things. If anything disallowed is encountered it is rendered safe by converting the data to character entities.</p>
<p>
Note: This function should only be used to deal with data upon submission. It's not something that should be used for general runtime processing since it requires a fair amount of processing overhead.</p>
@@ -88,7 +88,7 @@ Note: This function should only be used to deal with data upon submission. It's
<p>Note: If you use the form validation class, it gives you the option of XSS filtering as well.</p>
-<p>An optional second parameter, <dfn>is_image</dfn>, allows this function to be used to test images for potential XSS attacks, useful for file upload security. When this second parameter is set to <dfn>TRUE</dfn>, instead of returning an altered string, the function returns TRUE if the image is safe, and FALSE if it contained potentially malicious information that a browser may attempt to execute.</p>
+<p>An optional second parameter, <dfn>is_image</dfn>, allows this function to be used to test images for potential XSS attacks, useful for file upload security. When this second parameter is set to <dfn>TRUE</dfn>, instead of returning an altered string, the function returns TRUE if the image is safe, and FALSE if it contained potentially malicious information that a browser may attempt to execute.</p>
<code>if ($this->security->xss_clean($file, TRUE) === FALSE)<br />
{<br />
@@ -98,7 +98,7 @@ Note: This function should only be used to deal with data upon submission. It's
<h2>$this->security->sanitize_filename()</h2>
-<p>When accepting filenames from user input, it is best to sanitize them to prevent directory traversal and other security related issues. To do so, use the <dfn>sanitize_filename()</dfn> method of the Security class. Here is an example:</p>
+<p>When accepting filenames from user input, it is best to sanitize them to prevent directory traversal and other security related issues. To do so, use the <dfn>sanitize_filename()</dfn> method of the Security class. Here is an example:</p>
<code>$filename = $this->security->sanitize_filename($this->input->post('filename'));</code>