Diffstat (limited to 'user_guide_src/source/helpers/security_helper.rst')
-rw-r--r-- | user_guide_src/source/helpers/security_helper.rst | 76 |
1 files changed, 56 insertions, 20 deletions
diff --git a/user_guide_src/source/helpers/security_helper.rst b/user_guide_src/source/helpers/security_helper.rst index b1bcf2b4a..21bf53490 100644 --- a/user_guide_src/source/helpers/security_helper.rst +++ b/user_guide_src/source/helpers/security_helper.rst @@ -9,9 +9,7 @@ The Security Helper file contains security related functions. Loading this Helper =================== -This helper is loaded using the following code - -:: +This helper is loaded using the following code:: $this->load->helper('security'); 
@@ -20,49 +18,87 @@ The following functions are available: xss_clean() =========== -Provides Cross Site Script Hack filtering. This function is an alias to -the one in the :doc:`Input class <../libraries/input>`. More info can -be found there. +.. php:function:: xss_clean($str, $is_image = FALSE) + + :param string $str: Input data + :param bool $is_image: Whether we're dealing with an image + :returns: string + +Provides Cross Site Script Hack filtering. + +This function is an alias for ``CI_Input::xss_clean()``. For more info, +please see the :doc:`Input Library <../libraries/input>` documentation. sanitize_filename() =================== -Provides protection against directory traversal. This function is an -alias to the one in the :doc:`Security class <../libraries/security>`. -More info can be found there. +.. php:function:: sanitize_filename($filename) + + :param string $filename: Filename + :returns: string + +Provides protection against directory traversal. + +This function is an alias for ``CI_Security::sanitize_filename()``. +For more info, please see the :doc:`Security Library <../libraries/security>` +documentation. do_hash() ========= +.. php:function:: do_hash($str, $type = 'sha1') + + :param string $str: Input + :param string $type: Algorithm + :returns: string + Permits you to create one way hashes suitable for encrypting -passwords. Will create SHA1 by default. See `hash_algos() <http://php.net/function.hash_algos>`_ +passwords. Will use SHA1 by default. + +See `hash_algos() <http://php.net/function.hash_algos>`_ for a full list of supported algorithms. -:: +Examples:: $str = do_hash($str); // SHA1 $str = do_hash($str, 'md5'); // MD5 -.. note:: This function was formerly named dohash(), which has been - removed in favor of `do_hash()`. +.. note:: This function was formerly named ``dohash()``, which has been + removed in favor of ``do_hash()``. + +.. note:: This function is DEPRECATED. Use the native ``hash()`` instead. 
strip_image_tags() ================== -This is a security function that will strip image tags from a string. It -leaves the image URL as plain text. +.. php:function:: strip_image_tags($str) + + :param string $str: Input + :returns: string -:: +This is a security function that will strip image tags from a string. +It leaves the image URL as plain text. + +Example:: $string = strip_image_tags($string); +This function is an alias for ``CI_Security::strip_image_tags()``. For +more info, please see the :doc:`Security Library <../libraries/security>` +documentation. + encode_php_tags() ================= -This is a security function that converts PHP tags to entities. Note: If -you use the XSS filtering function it does this automatically. +.. php:function:: encode_php_tags($str) + + :param string $str: Input + :returns: string + +This is a security function that converts PHP tags to entities. -:: +.. note: :php:func:`xss_clean()` does this automatically, if you use it. - $string = encode_php_tags($string); +Example:: + $string = encode_php_tags($string);
\ No newline at end of file |
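Review bot: the do_hash() section still calls its SHA1/MD5 output "suitable for encrypting passwords", and the new deprecation note sends readers to the native ``hash()``, so the documentation keeps steering password storage toward a single fast digest with no salt parameter. Drop the password wording (hashing is not encryption either) and point password use cases to PHP's ``password_hash()`` and ``password_verify()`` instead. Separately, in the encode_php_tags() section the added line that begins ``.. note: :php:func:`` has a single colon after "note"; reStructuredText parses that as a comment, so the note about xss_clean() will not be rendered. It should read ``.. note::`` like the two notes under do_hash().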