From 4b9c62980599228f070b401c7673dce8085b0c61 Mon Sep 17 00:00:00 2001
From: Derek Jones
CodeIgniter is fairly restrictive regarding which characters it allows in your URI strings in order to help -minimize the possibility that malicious data can be passed to your application. URIs may only contain the following: +minimize the possibility that malicious data can be passed to your application. URIs may only contain the following:
GET data is simply disallowed by CodeIgniter since the system utilizes URI segments rather than traditional URL query strings (unless -you have the query string option enabled in your config file). The global GET +you have the query string option enabled in your config file). The global GET array is unset by the Input class during system initialization.
- In production environments, it is typically desirable to disable PHP's - error reporting by setting the internal error_reporting flag to a value of 0. This disables native PHP - errors from being rendered as output, which may potentially contain - sensitive information. + In production environments, it is typically desirable to disable PHP's + error reporting by setting the internal error_reporting flag to a value of 0. This disables native PHP + errors from being rendered as output, which may potentially contain + sensitive information.
- Setting CodeIgniter's ENVIRONMENT constant in index.php to a - value of 'production' will turn off these errors. In development - mode, it is recommended that a value of 'development' is used. - More information about differentiating between environments can be found - on the Handling Environments page. + Setting CodeIgniter's ENVIRONMENT constant in index.php to a + value of 'production' will turn off these errors. In development + mode, it is recommended that a value of 'development' is used. + More information about differentiating between environments can be found + on the Handling Environments page.
CodeIgniter comes with a Cross Site Scripting filter. This filter looks for commonly +
CodeIgniter comes with a Cross Site Scripting filter. This filter looks for commonly used techniques to embed malicious Javascript into your data, or other types of code that attempt to hijack cookies or do other malicious things. The XSS Filter is described here.
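Review bot: In the error-reporting paragraph, the recommendation to set error_reporting to 0 is justified only by keeping errors from "being rendered as output", but a level of 0 also silences PHP's own error log, not just on-page output. Since these lines are being touched anyway, consider wording the advice around turning display of errors off while keeping logging on, or at least stating that a value of 0 leaves production failures unrecorded by PHP. The removed and added lines in this paragraph and the ENVIRONMENT one carry the same words, so the change appears to be whitespace only.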
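Review bot: In the Cross Site Scripting paragraph, "looks for commonly used techniques" describes a pattern-based filter, yet the paragraph gives no hint that anything it does not recognise passes through. A sentence saying that data should still be escaped when it is written into a page would keep readers from treating the filter as complete protection. Style point in the same sentence: "Javascript" should be "JavaScript".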
-- cgit v1.2.3-24-g4f1b