path: root/user_guide_src/source/libraries/security.rst
author: Andrey Andreev <narf@devilix.net>, 2014-02-08 03:27:48 +0100
committer: Andrey Andreev <narf@devilix.net>, 2014-02-08 03:27:48 +0100
commit: 28c2c975b118016d07212ed8e7c22ff280309f82 (patch)
tree: f1552392a3d87efebd7c565c6414ae41dc208ee9 /user_guide_src/source/libraries/security.rst
parent: 9228f85b1b4f59cc88ba7c4addc258a7a5fd0ac0 (diff)
[ci skip] Add return types to library docs
Diffstat (limited to 'user_guide_src/source/libraries/security.rst')
-rw-r--r-- user_guide_src/source/libraries/security.rst | 26
1 files changed, 16 insertions, 10 deletions
diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst
index 451fadf93..fb875a0d9 100644
--- a/user_guide_src/source/libraries/security.rst
+++ b/user_guide_src/source/libraries/security.rst
@@ -105,17 +105,19 @@ Class Reference
.. method:: xss_clean($str[, $is_image = FALSE])
- :param string $str: Input string
- :returns: mixed
+ :param mixed $str: Input string or an array of strings
+ :returns: XSS-clean data
+ :rtype: mixed
Tries to remove XSS exploits from the input data and returns the cleaned string.
If the optional second parameter is set to true, it will return boolean TRUE if the image is safe to use and FALSE if malicious data was detected in it.
.. method:: sanitize_filename($str[, $relative_path = FALSE])
- :param string $str: File name/path
- :param bool $relative_path: Whether to preserve any directories in the file path
- :returns: string
+ :param string $str: File name/path
+ :param bool $relative_path: Whether to preserve any directories in the file path
+ :returns: Sanitized file name/path
+ :rtype: string
Tries to sanitize filenames in order to prevent directory traversal attempts
and other security threats, which is particularly useful for files that were supplied via user input.
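Review bot: In the xss_clean() field list, ``:returns: XSS-clean data`` with ``:rtype: mixed`` does not cover the boolean TRUE/FALSE result that the description gives for ``$is_image``, and ``$is_image`` has no ``:param`` entry at all. A caller reading only the field list could treat the image-check boolean as cleaned data, so I would add a ``:param bool $is_image:`` line and state both return cases under ``:returns:``. The unchanged description line also still says it "returns the cleaned string" while ``$str`` is now documented as a string or an array of strings; it should be brought in line in the same change.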
@@ -131,23 +133,27 @@ Class Reference
.. method:: get_csrf_token_name()
- :returns: string
+ :returns: CSRF token name
+ :rtype: string
Returns the CSRF token name (the ``$config['csrf_token_name']`` value).
.. method:: get_csrf_hash()
- :returns: string
+ :returns: CSRF hash
+ :rtype: string
Returns the CSRF hash value. Useful in combination with ``get_csrf_token_name()``
for manually building forms or sending valid AJAX POST requests.
.. method:: entity_decode($str[, $charset = NULL])
- :param string $str: Input string
- :param string $charset: Character set of the input string
+ :param string $str: Input string
+ :param string $charset: Character set of the input string
+ :returns: Entity-decoded string
+ :rtype: string
This method acts a lot like PHP's own native ``html_entity_decode()`` function in ENT_COMPAT mode, only
it tries to detect HTML entities that don't end in a semicolon because some browsers allow that.
- If the ``$charset`` parameter is left empty, then your configured ``$config['charset']`` value will be used.
+ If the ``$charset`` parameter is left empty, then your configured ``$config['charset']`` value will be used. \ No newline at end of file
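Review bot: The rewritten last line of the entity_decode() description is still flagged "\ No newline at end of file"; since this change touches that line anyway, end the file with a newline so later edits to security.rst do not show a spurious change on it. The new ``:returns:`` / ``:rtype:`` pairs for get_csrf_token_name(), get_csrf_hash() and entity_decode() otherwise follow the same pattern as the first hunk.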