diff options
Diffstat (limited to 'user_guide/libraries/security.html')
| -rw-r--r-- | user_guide/libraries/security.html | 739 |
1 files changed, 739 insertions, 0 deletions
diff --git a/user_guide/libraries/security.html b/user_guide/libraries/security.html new file mode 100644 index 000000000..7177b1ce1 --- /dev/null +++ b/user_guide/libraries/security.html @@ -0,0 +1,739 @@ + + +<!DOCTYPE html> +<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> +<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> +<head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <title>Security Class — CodeIgniter 3.1.10 documentation</title> + + + + + <link rel="shortcut icon" href="../_static/ci-icon.ico"/> + + + + <link href='https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic|Roboto+Slab:400,700|Inconsolata:400,700&subset=latin,cyrillic' rel='stylesheet' type='text/css'> + + + + + + + + + + <link rel="stylesheet" href="../_static/css/citheme.css" type="text/css" /> + + + + <link rel="index" title="Index" + href="../genindex.html"/> + <link rel="search" title="Search" href="../search.html"/> + <link rel="top" title="CodeIgniter 3.1.10 documentation" href="../index.html"/> + <link rel="up" title="Libraries" href="index.html"/> + <link rel="next" title="Session Library" href="sessions.html"/> + <link rel="prev" title="Template Parser Class" href="parser.html"/> + + + <script src="https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.6.2/modernizr.min.js"></script> + +</head> + +<body class="wy-body-for-nav" role="document"> + + <div id="nav"> + <div id="nav_inner"> + + + + <div id="pulldown-menu" class="ciNav"> + <ul> +<li class="toctree-l1"><a class="reference internal" href="../general/welcome.html">Welcome to CodeIgniter</a></li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../installation/index.html">Installation Instructions</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../installation/downloads.html">Downloading CodeIgniter</a></li> +<li class="toctree-l2"><a class="reference internal" href="../installation/index.html">Installation Instructions</a></li> +<li class="toctree-l2"><a class="reference internal" href="../installation/upgrading.html">Upgrading From a Previous Version</a></li> +<li class="toctree-l2"><a class="reference internal" href="../installation/troubleshooting.html">Troubleshooting</a></li> +</ul> +</li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../overview/index.html">CodeIgniter Overview</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../overview/getting_started.html">Getting Started</a></li> +<li class="toctree-l2"><a class="reference internal" href="../overview/at_a_glance.html">CodeIgniter at a Glance</a></li> +<li class="toctree-l2"><a class="reference internal" href="../overview/features.html">Supported Features</a></li> +<li class="toctree-l2"><a class="reference internal" href="../overview/appflow.html">Application Flow Chart</a></li> +<li class="toctree-l2"><a class="reference internal" href="../overview/mvc.html">Model-View-Controller</a></li> +<li class="toctree-l2"><a class="reference internal" href="../overview/goals.html">Architectural Goals</a></li> +</ul> +</li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../tutorial/index.html">Tutorial</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../tutorial/static_pages.html">Static pages</a></li> +<li class="toctree-l2"><a class="reference internal" href="../tutorial/news_section.html">News section</a></li> +<li class="toctree-l2"><a class="reference internal" href="../tutorial/create_news_items.html">Create news items</a></li> +<li class="toctree-l2"><a class="reference internal" href="../tutorial/conclusion.html">Conclusion</a></li> +</ul> +</li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../contributing/index.html">Contributing to CodeIgniter</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../documentation/index.html">Writing CodeIgniter Documentation</a></li> +<li class="toctree-l2"><a class="reference internal" href="../DCO.html">Developer’s Certificate of Origin 1.1</a></li> +</ul> +</li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../general/index.html">General Topics</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../general/urls.html">CodeIgniter URLs</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/controllers.html">Controllers</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/reserved_names.html">Reserved Names</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/views.html">Views</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/models.html">Models</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/helpers.html">Helpers</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/libraries.html">Using CodeIgniter Libraries</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/creating_libraries.html">Creating Libraries</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/drivers.html">Using CodeIgniter Drivers</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/creating_drivers.html">Creating Drivers</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/core_classes.html">Creating Core System Classes</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/ancillary_classes.html">Creating Ancillary Classes</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/hooks.html">Hooks - Extending the Framework Core</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/autoloader.html">Auto-loading Resources</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/common_functions.html">Common Functions</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/compatibility_functions.html">Compatibility Functions</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/routing.html">URI Routing</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/errors.html">Error Handling</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/caching.html">Caching</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/profiling.html">Profiling Your Application</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/cli.html">Running via the CLI</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/managing_apps.html">Managing your Applications</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/environments.html">Handling Multiple Environments</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/alternative_php.html">Alternate PHP Syntax for View Files</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/security.html">Security</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/styleguide.html">PHP Style Guide</a></li> +</ul> +</li> +</ul> +<ul class="current"> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">Libraries</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="benchmark.html">Benchmarking Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="caching.html">Caching Driver</a></li> +<li class="toctree-l2"><a class="reference internal" href="calendar.html">Calendaring Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="cart.html">Shopping Cart Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="config.html">Config Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="email.html">Email Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="encrypt.html">Encrypt Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="encryption.html">Encryption Library</a></li> +<li class="toctree-l2"><a class="reference internal" href="file_uploading.html">File Uploading Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="form_validation.html">Form Validation</a></li> +<li class="toctree-l2"><a class="reference internal" href="ftp.html">FTP Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="image_lib.html">Image Manipulation Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="input.html">Input Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="javascript.html">Javascript Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="language.html">Language Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="loader.html">Loader Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="migration.html">Migrations Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="output.html">Output Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="pagination.html">Pagination Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="parser.html">Template Parser Class</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="#">Security Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="sessions.html">Session Library</a></li> +<li class="toctree-l2"><a class="reference internal" href="table.html">HTML Table Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="trackback.html">Trackback Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="typography.html">Typography Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="unit_testing.html">Unit Testing Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="uri.html">URI Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="user_agent.html">User Agent Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="xmlrpc.html">XML-RPC and XML-RPC Server Classes</a></li> +<li class="toctree-l2"><a class="reference internal" href="zip.html">Zip Encoding Class</a></li> +</ul> +</li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../database/index.html">Database Reference</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../database/examples.html">Quick Start: Usage Examples</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/configuration.html">Database Configuration</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/connecting.html">Connecting to a Database</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/queries.html">Running Queries</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/results.html">Generating Query Results</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/helpers.html">Query Helper Functions</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/query_builder.html">Query Builder Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/transactions.html">Transactions</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/metadata.html">Getting MetaData</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/call_function.html">Custom Function Calls</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/caching.html">Query Caching</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/forge.html">Database Manipulation with Database Forge</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/utilities.html">Database Utilities Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/db_driver_reference.html">Database Driver Reference</a></li> +</ul> +</li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../helpers/index.html">Helpers</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../helpers/array_helper.html">Array Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/captcha_helper.html">CAPTCHA Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/cookie_helper.html">Cookie Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/date_helper.html">Date Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/directory_helper.html">Directory Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/download_helper.html">Download Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/email_helper.html">Email Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/file_helper.html">File Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/form_helper.html">Form Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/html_helper.html">HTML Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/inflector_helper.html">Inflector Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/language_helper.html">Language Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/number_helper.html">Number Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/path_helper.html">Path Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/security_helper.html">Security Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/smiley_helper.html">Smiley Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/string_helper.html">String Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/text_helper.html">Text Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/typography_helper.html">Typography Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/url_helper.html">URL Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/xml_helper.html">XML Helper</a></li> +</ul> +</li> +</ul> + + </div> + + + </div> +</div> +<div id="nav2"> + <a href="#" id="openToc"> + <img src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAARgAA/+4ADkFkb2JlAGTAAAAAAf/bAIQABAMDAwMDBAMDBAYEAwQGBwUEBAUHCAYGBwYGCAoICQkJCQgKCgwMDAwMCgwMDQ0MDBERERERFBQUFBQUFBQUFAEEBQUIBwgPCgoPFA4ODhQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU/8AAEQgAKwCaAwERAAIRAQMRAf/EAHsAAQAABwEBAAAAAAAAAAAAAAABAwQFBgcIAgkBAQAAAAAAAAAAAAAAAAAAAAAQAAEDAwICBwYEAgsAAAAAAAIBAwQAEQUSBiEHkROTVNQWGDFBUVIUCHEiMtOUFWGBobHRQlMkZIRVEQEAAAAAAAAAAAAAAAAAAAAA/9oADAMBAAIRAxEAPwDSC+ygkOOaUoKigUCgUCgUCgUCgUCgUCgUCgkuGguIP9FBMFb0Hqg7We+3jlmIqqYFf4ub+/QYlnOR/LqIBKGFUbf8qWv971BytQXXE7Y3Lnm3HsFhp2TaZJAdchRXpIgSpdEJWxJEW3xoKV7F5OMy7JkQn2o7D6w33XGjEAkoiqrJEqIiOIiKuhePCgqp22dyYyS3CyWHnQ5joG61HkRnmnTbaFSMhExRVQRRVJU9iUHjE7ez+fJ0MFipmUNhBV8YUd2SoIV9KkjQla9ltegttBdPLW4/qocL+UTfrMiHW4+P9M71shuyrqaHTcxsl7jegpsji8nh5ZwMvDfgTm0RTjSmjYdFCS6KoOIipdFunCgmNYTMv457MMY6U7iI6oMieDDhRm1VbIhuoOkbqtuK0Hpzb+eZcYZexUxt6UyUqK2cd0SdjtgrhOgijcgERUlJOCIl6CpgbP3blRI8XgMjNARAyKNDfeRBdFDBVUAXgQrqH4pxoJTu2NysY97LP4ac1io5q1InHFeGO24LnVKJuKOkSQ/yKir+rh7aCLG1dzypZQI2FnvTgccYOM3FeN0XWERXAUEFVQgQkUktdLpegm+Td3/Xli/L+S/mYNJIOF9G/wBeLKrZHFb0akG6W1WtQWSg3Dyg5e7V3fipE3O4/wCrktyzYA+ufas2LbZIlmnAT2kvuoN1wft95augilglX/tzP3qCu9O3LL/wV/i5v79BvmTADq14UGu91467Z6U9y0HzH/ncj/U/sT/CgynZG7I2NezpZGUjIycJkYkZSG+uQ81pbBNKLxJfjwoMqZ3/ALYHl35AJ7/cuwHcu5k7r1Q5pHetBjquqVVJWGxj9Zrtcl/Ggy3dHMvauR3HFZj5nHNxSyW5JISYDMoIwx8tFIGHZhPNaykGapr6rUAiicEoMG21lMRj8buPAz8xhJrr7uOeiPTCyAwXUaGR1mgozbTusOsFLEiJ7fbQa/h7gcjy2H3V6xppwDNtUSxCJIqp7valBuWVzJ22xuCROXNNZiJkMtms0DbjUkAZjzoDrTMd9dDRI44ZC2YsrYdKWP2WDT2S3N9dNdlRYrGMYc06IURXSYb0igrpWS485xVNS6nF4rwslkoMwnbpgZLB7bmt5uMweAhDEl4B5uSLzzqTnnyVpW2jaJHRMSIjdDiiotvy3DOE5rYTEbkl5yFn28k7JyG4c7AU2HtLH1uKfaiMPI40CdYbpNtmLdwTSn5rewLNld+7TLdeal4WarWBkbVKBjgdElMJJwAAY5fl4kB3b1fp4XvagsGS3FjJfLzDNtS8aeXx7LzT7TyzByQE5PccRGRC0ZRUDRV6y62vbjagzLmJzS2vuPK43JY6aP1TW6Jz+RIWyFtyC06y3EkiiinAo7YCqfq1AqqnGgsOH3lhZO8d1pmcpB8j5XIm9OYlBJSQ/FSS4427DKO0RC8AlcEMhFdViRR1WDWR5t3WXVuL1d106kG9vdeye2g60+1FDyW0shIcXVpyroXt8I8dfd+NB1vioAdWnD3UF1+gD4UFc6CEKpagxXN43rwJLUHz7yX2c8zokt9uHlsPIhA4aRnnHJTLptIS6CNsY7iASpxUUMkReGpfbQW0vtN5pitvrsN28rwtBD0nc0+/Yft5XhaB6TuaXfsP28rwtA9J3NPv2H7eV4Wgek7mn37D9vK8LQPSdzT79h+3leFoHpO5pd+w/byvC0D0nc0u/Yft5XhaB6TuaXfsP28rwtA9J3NLv2H7eV4Wgek7ml37D9vK8LQPSdzS79h+3leFoHpO5p9+w/byvC0E9r7Reazy2HIYVPxkS/CUHVn26cosxyv2g7h89LYmZSXOenvLEQ1YaQ222RATcQCP8rSGqqA8S02W2pQ6FhMoAIlqCtsnwoCpdKClejI4i3Sgtb+GBxVuNBSFt1pV/RQefLjPyUDy4z8lA8uM/JQPLjPyUDy4z8lA8uM/JQPLjPyUDy4z8lA8uM/JQPLjPyUDy4z8lA8utJ/koJ7WCbBU/LQXOPAFq1koK8B0pag90CggtBBf6qB0UDooHRQOigdFA6KB0UDooHRQOigdFA6KB0UDooI0EaBQf//Z" title="Toggle Table of Contents" alt="Toggle Table of Contents" /> + </a> +</div> + + <div class="wy-grid-for-nav"> + + + <nav data-toggle="wy-nav-shift" class="wy-nav-side"> + <div class="wy-side-nav-search"> + + <a href="../index.html" class="fa fa-home"> CodeIgniter</a> + + +<div role="search"> + <form id="rtd-search-form" class="wy-form" action="../search.html" method="get"> + <input type="text" name="q" placeholder="Search docs" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> +</div> + </div> + + <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation"> + + + + <ul> +<li class="toctree-l1"><a class="reference internal" href="../general/welcome.html">Welcome to CodeIgniter</a></li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../installation/index.html">Installation Instructions</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../installation/downloads.html">Downloading CodeIgniter</a></li> +<li class="toctree-l2"><a class="reference internal" href="../installation/index.html">Installation Instructions</a></li> +<li class="toctree-l2"><a class="reference internal" href="../installation/upgrading.html">Upgrading From a Previous Version</a></li> +<li class="toctree-l2"><a class="reference internal" href="../installation/troubleshooting.html">Troubleshooting</a></li> +</ul> +</li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../overview/index.html">CodeIgniter Overview</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../overview/getting_started.html">Getting Started</a></li> +<li class="toctree-l2"><a class="reference internal" href="../overview/at_a_glance.html">CodeIgniter at a Glance</a></li> +<li class="toctree-l2"><a class="reference internal" href="../overview/features.html">Supported Features</a></li> +<li class="toctree-l2"><a class="reference internal" href="../overview/appflow.html">Application Flow Chart</a></li> +<li class="toctree-l2"><a class="reference internal" href="../overview/mvc.html">Model-View-Controller</a></li> +<li class="toctree-l2"><a class="reference internal" href="../overview/goals.html">Architectural Goals</a></li> +</ul> +</li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../tutorial/index.html">Tutorial</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../tutorial/static_pages.html">Static pages</a></li> +<li class="toctree-l2"><a class="reference internal" href="../tutorial/news_section.html">News section</a></li> +<li class="toctree-l2"><a class="reference internal" href="../tutorial/create_news_items.html">Create news items</a></li> +<li class="toctree-l2"><a class="reference internal" href="../tutorial/conclusion.html">Conclusion</a></li> +</ul> +</li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../contributing/index.html">Contributing to CodeIgniter</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../documentation/index.html">Writing CodeIgniter Documentation</a></li> +<li class="toctree-l2"><a class="reference internal" href="../DCO.html">Developer’s Certificate of Origin 1.1</a></li> +</ul> +</li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../general/index.html">General Topics</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../general/urls.html">CodeIgniter URLs</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/controllers.html">Controllers</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/reserved_names.html">Reserved Names</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/views.html">Views</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/models.html">Models</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/helpers.html">Helpers</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/libraries.html">Using CodeIgniter Libraries</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/creating_libraries.html">Creating Libraries</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/drivers.html">Using CodeIgniter Drivers</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/creating_drivers.html">Creating Drivers</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/core_classes.html">Creating Core System Classes</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/ancillary_classes.html">Creating Ancillary Classes</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/hooks.html">Hooks - Extending the Framework Core</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/autoloader.html">Auto-loading Resources</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/common_functions.html">Common Functions</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/compatibility_functions.html">Compatibility Functions</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/routing.html">URI Routing</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/errors.html">Error Handling</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/caching.html">Caching</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/profiling.html">Profiling Your Application</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/cli.html">Running via the CLI</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/managing_apps.html">Managing your Applications</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/environments.html">Handling Multiple Environments</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/alternative_php.html">Alternate PHP Syntax for View Files</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/security.html">Security</a></li> +<li class="toctree-l2"><a class="reference internal" href="../general/styleguide.html">PHP Style Guide</a></li> +</ul> +</li> +</ul> +<ul class="current"> +<li class="toctree-l1 current"><a class="reference internal" href="index.html">Libraries</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="benchmark.html">Benchmarking Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="caching.html">Caching Driver</a></li> +<li class="toctree-l2"><a class="reference internal" href="calendar.html">Calendaring Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="cart.html">Shopping Cart Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="config.html">Config Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="email.html">Email Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="encrypt.html">Encrypt Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="encryption.html">Encryption Library</a></li> +<li class="toctree-l2"><a class="reference internal" href="file_uploading.html">File Uploading Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="form_validation.html">Form Validation</a></li> +<li class="toctree-l2"><a class="reference internal" href="ftp.html">FTP Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="image_lib.html">Image Manipulation Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="input.html">Input Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="javascript.html">Javascript Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="language.html">Language Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="loader.html">Loader Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="migration.html">Migrations Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="output.html">Output Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="pagination.html">Pagination Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="parser.html">Template Parser Class</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="#">Security Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="sessions.html">Session Library</a></li> +<li class="toctree-l2"><a class="reference internal" href="table.html">HTML Table Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="trackback.html">Trackback Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="typography.html">Typography Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="unit_testing.html">Unit Testing Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="uri.html">URI Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="user_agent.html">User Agent Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="xmlrpc.html">XML-RPC and XML-RPC Server Classes</a></li> +<li class="toctree-l2"><a class="reference internal" href="zip.html">Zip Encoding Class</a></li> +</ul> +</li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../database/index.html">Database Reference</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../database/examples.html">Quick Start: Usage Examples</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/configuration.html">Database Configuration</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/connecting.html">Connecting to a Database</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/queries.html">Running Queries</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/results.html">Generating Query Results</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/helpers.html">Query Helper Functions</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/query_builder.html">Query Builder Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/transactions.html">Transactions</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/metadata.html">Getting MetaData</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/call_function.html">Custom Function Calls</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/caching.html">Query Caching</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/forge.html">Database Manipulation with Database Forge</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/utilities.html">Database Utilities Class</a></li> +<li class="toctree-l2"><a class="reference internal" href="../database/db_driver_reference.html">Database Driver Reference</a></li> +</ul> +</li> +</ul> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../helpers/index.html">Helpers</a><ul> +<li class="toctree-l2"><a class="reference internal" href="../helpers/array_helper.html">Array Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/captcha_helper.html">CAPTCHA Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/cookie_helper.html">Cookie Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/date_helper.html">Date Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/directory_helper.html">Directory Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/download_helper.html">Download Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/email_helper.html">Email Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/file_helper.html">File Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/form_helper.html">Form Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/html_helper.html">HTML Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/inflector_helper.html">Inflector Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/language_helper.html">Language Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/number_helper.html">Number Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/path_helper.html">Path Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/security_helper.html">Security Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/smiley_helper.html">Smiley Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/string_helper.html">String Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/text_helper.html">Text Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/typography_helper.html">Typography Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/url_helper.html">URL Helper</a></li> +<li class="toctree-l2"><a class="reference internal" href="../helpers/xml_helper.html">XML Helper</a></li> +</ul> +</li> +</ul> + + + + </div> + + </nav> + + <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> + + + <nav class="wy-nav-top" role="navigation" aria-label="top navigation"> + <i data-toggle="wy-nav-top" class="fa fa-bars"></i> + <a href="../index.html">CodeIgniter</a> + </nav> + + + + <div class="wy-nav-content"> + <div class="rst-content"> + <div role="navigation" aria-label="breadcrumbs navigation"> + <ul class="wy-breadcrumbs"> + <li><a href="../index.html">Docs</a> »</li> + + <li><a href="index.html">Libraries</a> »</li> + + <li>Security Class</li> + <li class="wy-breadcrumbs-aside"> + + </li> + <div style="float:right;margin-left:5px;" id="closeMe"> + <img title="Classic Layout" alt="classic layout" src="data:image/gif;base64,R0lGODlhFAAUAJEAAAAAADMzM////wAAACH5BAUUAAIALAAAAAAUABQAAAImlI+py+0PU5gRBRDM3DxbWoXis42X13USOLauUIqnlsaH/eY6UwAAOw==" /> + </div> + </ul> + <hr/> +</div> + <div role="main" class="document"> + + <div class="section" id="security-class"> +<h1>Security Class<a class="headerlink" href="#security-class" title="Permalink to this headline">¶</a></h1> +<p>The Security Class contains methods that help you create a secure +application, processing input data for security.</p> +<div class="contents local topic" id="contents"> +<ul class="simple"> +<li><a class="reference internal" href="#xss-filtering" id="id1">XSS Filtering</a></li> +<li><a class="reference internal" href="#cross-site-request-forgery-csrf" id="id2">Cross-site request forgery (CSRF)</a></li> +<li><a class="reference internal" href="#class-reference" id="id3">Class Reference</a></li> +</ul> +</div> +<div class="custom-index container"></div><div class="section" id="xss-filtering"> +<h2><a class="toc-backref" href="#id1">XSS Filtering</a><a class="headerlink" href="#xss-filtering" title="Permalink to this headline">¶</a></h2> +<p>CodeIgniter comes with a Cross Site Scripting prevention filter, which +looks for commonly used techniques to trigger JavaScript or other types +of code that attempt to hijack cookies or do other malicious things. +If anything disallowed is encountered it is rendered safe by converting +the data to character entities.</p> +<p>To filter data through the XSS filter use the <code class="docutils literal"><span class="pre">xss_clean()</span></code> method:</p> +<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$data</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-></span><span class="na">security</span><span class="o">-></span><span class="na">xss_clean</span><span class="p">(</span><span class="nv">$data</span><span class="p">);</span> +</pre></div> +</div> +<p>An optional second parameter, <em>is_image</em>, allows this function to be used +to test images for potential XSS attacks, useful for file upload +security. When this second parameter is set to TRUE, instead of +returning an altered string, the function returns TRUE if the image is +safe, and FALSE if it contained potentially malicious information that a +browser may attempt to execute.</p> +<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="k">if</span> <span class="p">(</span><span class="nv">$this</span><span class="o">-></span><span class="na">security</span><span class="o">-></span><span class="na">xss_clean</span><span class="p">(</span><span class="nv">$file</span><span class="p">,</span> <span class="k">TRUE</span><span class="p">)</span> <span class="o">===</span> <span class="k">FALSE</span><span class="p">)</span> +<span class="p">{</span> + <span class="c1">// file failed the XSS test</span> +<span class="p">}</span> +</pre></div> +</div> +<div class="admonition important"> +<p class="first admonition-title">Important</p> +<p class="last">If you want to filter HTML attribute values, use +<a class="reference internal" href="../general/common_functions.html#html_escape" title="html_escape"><code class="xref php php-func docutils literal"><span class="pre">html_escape()</span></code></a> instead!</p> +</div> +</div> +<div class="section" id="cross-site-request-forgery-csrf"> +<h2><a class="toc-backref" href="#id2">Cross-site request forgery (CSRF)</a><a class="headerlink" href="#cross-site-request-forgery-csrf" title="Permalink to this headline">¶</a></h2> +<p>You can enable CSRF protection by altering your <strong>application/config/config.php</strong> +file in the following way:</p> +<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$config</span><span class="p">[</span><span class="s1">'csrf_protection'</span><span class="p">]</span> <span class="o">=</span> <span class="k">TRUE</span><span class="p">;</span> +</pre></div> +</div> +<p>If you use the <a class="reference internal" href="../helpers/form_helper.html"><span class="doc">form helper</span></a>, then +<code class="xref py py-func docutils literal"><span class="pre">form_open()</span></code> will automatically insert a hidden csrf field in +your forms. If not, then you can use <code class="docutils literal"><span class="pre">get_csrf_token_name()</span></code> +and <code class="docutils literal"><span class="pre">get_csrf_hash()</span></code></p> +<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$csrf</span> <span class="o">=</span> <span class="k">array</span><span class="p">(</span> + <span class="s1">'name'</span> <span class="o">=></span> <span class="nv">$this</span><span class="o">-></span><span class="na">security</span><span class="o">-></span><span class="na">get_csrf_token_name</span><span class="p">(),</span> + <span class="s1">'hash'</span> <span class="o">=></span> <span class="nv">$this</span><span class="o">-></span><span class="na">security</span><span class="o">-></span><span class="na">get_csrf_hash</span><span class="p">()</span> +<span class="p">);</span> + +<span class="o">...</span> + +<span class="o"><</span><span class="nx">input</span> <span class="nx">type</span><span class="o">=</span><span class="s2">"hidden"</span> <span class="nx">name</span><span class="o">=</span><span class="s2">"<?=</span><span class="si">$csrf['name']</span><span class="s2">;?>"</span> <span class="nx">value</span><span class="o">=</span><span class="s2">"<?=</span><span class="si">$csrf['hash']</span><span class="s2">;?>"</span> <span class="o">/></span> +</pre></div> +</div> +<p>Tokens may be either regenerated on every submission (default) or +kept the same throughout the life of the CSRF cookie. The default +regeneration of tokens provides stricter security, but may result +in usability concerns as other tokens become invalid (back/forward +navigation, multiple tabs/windows, asynchronous actions, etc). You +may alter this behavior by editing the following config parameter</p> +<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$config</span><span class="p">[</span><span class="s1">'csrf_regenerate'</span><span class="p">]</span> <span class="o">=</span> <span class="k">TRUE</span><span class="p">;</span> +</pre></div> +</div> +<p>Select URIs can be whitelisted from csrf protection (for example API +endpoints expecting externally POSTed content). You can add these URIs +by editing the ‘csrf_exclude_uris’ config parameter:</p> +<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$config</span><span class="p">[</span><span class="s1">'csrf_exclude_uris'</span><span class="p">]</span> <span class="o">=</span> <span class="k">array</span><span class="p">(</span><span class="s1">'api/person/add'</span><span class="p">);</span> +</pre></div> +</div> +<p>Regular expressions are also supported (case-insensitive):</p> +<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$config</span><span class="p">[</span><span class="s1">'csrf_exclude_uris'</span><span class="p">]</span> <span class="o">=</span> <span class="k">array</span><span class="p">(</span> + <span class="s1">'api/record/[0-9]+'</span><span class="p">,</span> + <span class="s1">'api/title/[a-z]+'</span> +<span class="p">);</span> +</pre></div> +</div> +</div> +<div class="section" id="class-reference"> +<h2><a class="toc-backref" href="#id3">Class Reference</a><a class="headerlink" href="#class-reference" title="Permalink to this headline">¶</a></h2> +<dl class="class"> +<dt id="CI_Security"> +<em class="property">class </em><code class="descname">CI_Security</code><a class="headerlink" href="#CI_Security" title="Permalink to this definition">¶</a></dt> +<dd><dl class="method"> +<dt id="CI_Security::xss_clean"> +<code class="descname">xss_clean</code><span class="sig-paren">(</span><em>$str</em><span class="optional">[</span>, <em>$is_image = FALSE</em><span class="optional">]</span><span class="sig-paren">)</span><a class="headerlink" href="#CI_Security::xss_clean" title="Permalink to this definition">¶</a></dt> +<dd><table class="docutils field-list" frame="void" rules="none"> +<col class="field-name" /> +<col class="field-body" /> +<tbody valign="top"> +<tr class="field-odd field"><th class="field-name">Parameters:</th><td class="field-body"><ul class="first simple"> +<li><strong>$str</strong> (<em>mixed</em>) – Input string or an array of strings</li> +</ul> +</td> +</tr> +<tr class="field-even field"><th class="field-name">Returns:</th><td class="field-body"><p class="first">XSS-clean data</p> +</td> +</tr> +<tr class="field-odd field"><th class="field-name">Return type:</th><td class="field-body"><p class="first last">mixed</p> +</td> +</tr> +</tbody> +</table> +<p>Tries to remove XSS exploits from the input data and returns the cleaned string. +If the optional second parameter is set to true, it will return boolean TRUE if +the image is safe to use and FALSE if malicious data was detected in it.</p> +<div class="admonition important"> +<p class="first admonition-title">Important</p> +<p class="last">This method is not suitable for filtering HTML attribute values! +Use <a class="reference internal" href="../general/common_functions.html#html_escape" title="html_escape"><code class="xref php php-func docutils literal"><span class="pre">html_escape()</span></code></a> for that instead.</p> +</div> +</dd></dl> + +<dl class="method"> +<dt id="CI_Security::sanitize_filename"> +<code class="descname">sanitize_filename</code><span class="sig-paren">(</span><em>$str</em><span class="optional">[</span>, <em>$relative_path = FALSE</em><span class="optional">]</span><span class="sig-paren">)</span><a class="headerlink" href="#CI_Security::sanitize_filename" title="Permalink to this definition">¶</a></dt> +<dd><table class="docutils field-list" frame="void" rules="none"> +<col class="field-name" /> +<col class="field-body" /> +<tbody valign="top"> +<tr class="field-odd field"><th class="field-name">Parameters:</th><td class="field-body"><ul class="first simple"> +<li><strong>$str</strong> (<em>string</em>) – File name/path</li> +<li><strong>$relative_path</strong> (<em>bool</em>) – Whether to preserve any directories in the file path</li> +</ul> +</td> +</tr> +<tr class="field-even field"><th class="field-name">Returns:</th><td class="field-body"><p class="first">Sanitized file name/path</p> +</td> +</tr> +<tr class="field-odd field"><th class="field-name">Return type:</th><td class="field-body"><p class="first last">string</p> +</td> +</tr> +</tbody> +</table> +<p>Tries to sanitize filenames in order to prevent directory traversal attempts +and other security threats, which is particularly useful for files that were supplied via user input.</p> +<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$filename</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-></span><span class="na">security</span><span class="o">-></span><span class="na">sanitize_filename</span><span class="p">(</span><span class="nv">$this</span><span class="o">-></span><span class="na">input</span><span class="o">-></span><span class="na">post</span><span class="p">(</span><span class="s1">'filename'</span><span class="p">));</span> +</pre></div> +</div> +<p>If it is acceptable for the user input to include relative paths, e.g. +<em>file/in/some/approved/folder.txt</em>, you can set the second optional parameter, <code class="docutils literal"><span class="pre">$relative_path</span></code> to TRUE.</p> +<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$filename</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-></span><span class="na">security</span><span class="o">-></span><span class="na">sanitize_filename</span><span class="p">(</span><span class="nv">$this</span><span class="o">-></span><span class="na">input</span><span class="o">-></span><span class="na">post</span><span class="p">(</span><span class="s1">'filename'</span><span class="p">),</span> <span class="k">TRUE</span><span class="p">);</span> +</pre></div> +</div> +</dd></dl> + +<dl class="method"> +<dt id="CI_Security::get_csrf_token_name"> +<code class="descname">get_csrf_token_name</code><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#CI_Security::get_csrf_token_name" title="Permalink to this definition">¶</a></dt> +<dd><table class="docutils field-list" frame="void" rules="none"> +<col class="field-name" /> +<col class="field-body" /> +<tbody valign="top"> +<tr class="field-odd field"><th class="field-name">Returns:</th><td class="field-body">CSRF token name</td> +</tr> +<tr class="field-even field"><th class="field-name">Return type:</th><td class="field-body">string</td> +</tr> +</tbody> +</table> +<p>Returns the CSRF token name (the <code class="docutils literal"><span class="pre">$config['csrf_token_name']</span></code> value).</p> +</dd></dl> + +<dl class="method"> +<dt id="CI_Security::get_csrf_hash"> +<code class="descname">get_csrf_hash</code><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#CI_Security::get_csrf_hash" title="Permalink to this definition">¶</a></dt> +<dd><table class="docutils field-list" frame="void" rules="none"> +<col class="field-name" /> +<col class="field-body" /> +<tbody valign="top"> +<tr class="field-odd field"><th class="field-name">Returns:</th><td class="field-body">CSRF hash</td> +</tr> +<tr class="field-even field"><th class="field-name">Return type:</th><td class="field-body">string</td> +</tr> +</tbody> +</table> +<p>Returns the CSRF hash value. Useful in combination with <code class="docutils literal"><span class="pre">get_csrf_token_name()</span></code> +for manually building forms or sending valid AJAX POST requests.</p> +</dd></dl> + +<dl class="method"> +<dt id="CI_Security::entity_decode"> +<code class="descname">entity_decode</code><span class="sig-paren">(</span><em>$str</em><span class="optional">[</span>, <em>$charset = NULL</em><span class="optional">]</span><span class="sig-paren">)</span><a class="headerlink" href="#CI_Security::entity_decode" title="Permalink to this definition">¶</a></dt> +<dd><table class="docutils field-list" frame="void" rules="none"> +<col class="field-name" /> +<col class="field-body" /> +<tbody valign="top"> +<tr class="field-odd field"><th class="field-name">Parameters:</th><td class="field-body"><ul class="first simple"> +<li><strong>$str</strong> (<em>string</em>) – Input string</li> +<li><strong>$charset</strong> (<em>string</em>) – Character set of the input string</li> +</ul> +</td> +</tr> +<tr class="field-even field"><th class="field-name">Returns:</th><td class="field-body"><p class="first">Entity-decoded string</p> +</td> +</tr> +<tr class="field-odd field"><th class="field-name">Return type:</th><td class="field-body"><p class="first last">string</p> +</td> +</tr> +</tbody> +</table> +<p>This method acts a lot like PHP’s own native <code class="docutils literal"><span class="pre">html_entity_decode()</span></code> function in ENT_COMPAT mode, only +it tries to detect HTML entities that don’t end in a semicolon because some browsers allow that.</p> +<p>If the <code class="docutils literal"><span class="pre">$charset</span></code> parameter is left empty, then your configured <code class="docutils literal"><span class="pre">$config['charset']</span></code> value will be used.</p> +</dd></dl> + +<dl class="method"> +<dt id="CI_Security::get_random_bytes"> +<code class="descname">get_random_bytes</code><span class="sig-paren">(</span><em>$length</em><span class="sig-paren">)</span><a class="headerlink" href="#CI_Security::get_random_bytes" title="Permalink to this definition">¶</a></dt> +<dd><table class="docutils field-list" frame="void" rules="none"> +<col class="field-name" /> +<col class="field-body" /> +<tbody valign="top"> +<tr class="field-odd field"><th class="field-name">Parameters:</th><td class="field-body"><ul class="first simple"> +<li><strong>$length</strong> (<em>int</em>) – Output length</li> +</ul> +</td> +</tr> +<tr class="field-even field"><th class="field-name">Returns:</th><td class="field-body"><p class="first">A binary stream of random bytes or FALSE on failure</p> +</td> +</tr> +<tr class="field-odd field"><th class="field-name">Return type:</th><td class="field-body"><p class="first last">string</p> +</td> +</tr> +</tbody> +</table> +<p>A convenience method for getting proper random bytes via <code class="docutils literal"><span class="pre">mcrypt_create_iv()</span></code>, +<code class="docutils literal"><span class="pre">/dev/urandom</span></code> or <code class="docutils literal"><span class="pre">openssl_random_pseudo_bytes()</span></code> (in that order), if one +of them is available.</p> +<p>Used for generating CSRF and XSS tokens.</p> +<div class="admonition note"> +<p class="first admonition-title">Note</p> +<p class="last">The output is NOT guaranteed to be cryptographically secure, +just the best attempt at that.</p> +</div> +</dd></dl> + +</dd></dl> + +</div> +</div> + + + </div> + <footer> + + <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation"> + + <a href="sessions.html" class="btn btn-neutral float-right" title="Session Library">Next <span class="fa fa-arrow-circle-right"></span></a> + + + <a href="parser.html" class="btn btn-neutral" title="Template Parser Class"><span class="fa fa-arrow-circle-left"></span> Previous</a> + + </div> + + + <hr/> + + <div role="contentinfo"> + <p> + © Copyright 2014 - 2019, British Columbia Institute of Technology. + Last updated on Jan 16, 2019. + </p> + </div> + + Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. + +</footer> + </div> + </div> + + </section> + + </div> + + + + + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT:'../', + VERSION:'3.1.10', + COLLAPSE_INDEX:false, + FILE_SUFFIX:'.html', + HAS_SOURCE: false + }; + </script> + <script type="text/javascript" src="../_static/jquery.js"></script> + <script type="text/javascript" src="../_static/underscore.js"></script> + <script type="text/javascript" src="../_static/doctools.js"></script> + + + + + + <script type="text/javascript" src="../_static/js/theme.js"></script> + + + + + <script type="text/javascript"> + jQuery(function () { + SphinxRtdTheme.StickyNav.enable(); + }); + </script> + + +</body> +</html>
\ No newline at end of file |