Diffstat (limited to 'user_guide_src/source/libraries')
-rw-r--r-- user_guide_src/source/libraries/input.rst | 6
-rw-r--r-- user_guide_src/source/libraries/security.rst | 11
-rw-r--r-- user_guide_src/source/libraries/typography.rst | 4
3 files changed, 14 insertions, 7 deletions
diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst
index 8a0b5f286..7f762e9f0 100644
--- a/user_guide_src/source/libraries/input.rst
+++ b/user_guide_src/source/libraries/input.rst
@@ -242,7 +242,7 @@ Class Reference
This method is identical to ``get()``, ``post()`` and ``cookie()``,
only it fetches the *php://input* stream data.
- .. php:method:: set_cookie($name = ''[, $value = ''[, $expire = 0[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = FALSE[, $httponly = FALSE]]]]]]])
+ .. php:method:: set_cookie($name = ''[, $value = ''[, $expire = 0[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = NULL[, $httponly = NULL]]]]]]])
:param mixed $name: Cookie name or an array of parameters
:param string $value: Cookie value
@@ -295,8 +295,8 @@ Class Reference
The prefix is only needed if you need to avoid name collisions with
other identically named cookies for your server.
- The secure boolean is only needed if you want to make it a secure cookie
- by setting it to TRUE.
+ The *httponly* and *secure* flags, when omitted, will default to your
+ ``$config['cookie_httponly']`` and ``$config['cookie_secure']`` settings.
**Discrete Parameters**
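Review bot: The replacement paragraph removes the only sentence that said what the secure flag is for, and it never says what httponly does, so the text now documents where the defaults come from but not the effect of either flag. Keep a short description of each flag alongside the new sentence, and state whether an explicit FALSE passed by the caller takes precedence over a TRUE value in ``$config['cookie_secure']`` or ``$config['cookie_httponly']``, since "when omitted" implies it does and that is the case a reader hardening the config needs to know about.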
diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst
index f7604ef00..fc5cba19d 100644
--- a/user_guide_src/source/libraries/security.rst
+++ b/user_guide_src/source/libraries/security.rst
@@ -40,6 +40,9 @@ browser may attempt to execute.
// file failed the XSS test
}
+.. important:: If you want to filter HTML attribute values, use
+ :php:func:`html_escape()` instead!
+
*********************************
Cross-site request forgery (CSRF)
*********************************
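Review bot: The added note does not name the method it is warning about. Placed directly after the image upload example, "If you want to filter HTML attribute values" can be read as referring to the image check only. Name the XSS filtering method in the note and word it the same way as the note added in the Class Reference hunk ("This method is not suitable for filtering HTML attribute ..."), so the two warnings read as the same rule.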
@@ -101,7 +104,11 @@ Class Reference
:rtype: mixed
Tries to remove XSS exploits from the input data and returns the cleaned string.
- If the optional second parameter is set to true, it will return boolean TRUE if the image is safe to use and FALSE if malicious data was detected in it.
+ If the optional second parameter is set to true, it will return boolean TRUE if
+ the image is safe to use and FALSE if malicious data was detected in it.
+
+ .. important:: This method is not suitable for filtering HTML attribute vales!
+ Use :php:func:`html_escape()` for that instead.
.. php:method:: sanitize_filename($str[, $relative_path = FALSE])
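Review bot: Typo in the added note: "HTML attribute vales" should be "HTML attribute values". The re-wrapping of the long sentence above it is fine.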
@@ -162,4 +169,4 @@ Class Reference
Used for generating CSRF and XSS tokens.
.. note:: The output is NOT guaranteed to be cryptographically secure,
- just the best attempt at that. \ No newline at end of file
+ just the best attempt at that.
diff --git a/user_guide_src/source/libraries/typography.rst b/user_guide_src/source/libraries/typography.rst
index 1d1e4f3c4..9e1386835 100644
--- a/user_guide_src/source/libraries/typography.rst
+++ b/user_guide_src/source/libraries/typography.rst
@@ -44,7 +44,7 @@ Class Reference
$this->load->library('typography');
$this->typography->protect_braced_quotes = TRUE;
- .. method auto_typography($str[, $reduce_linebreaks = FALSE])
+ .. php:method:: auto_typography($str[, $reduce_linebreaks = FALSE])
:param string $str: Input string
:param bool $reduce_linebreaks: Whether to reduce consequitive linebreaks
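Review bot: The directive fix is correct, but the context line two below it still reads "consequitive linebreaks"; since this hunk already touches the method entry, correct it to "consecutive" in the same change.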
@@ -104,4 +104,4 @@ Class Reference
Usage example::
- $string = $this->typography->nl2br_except_pre($string); \ No newline at end of file
+ $string = $this->typography->nl2br_except_pre($string);