Security Helper

The Security Helper file contains security-related functions.

Loading this Helper

This helper is loaded using the following code:

$this->load->helper('security');

Available Functions

The following functions are available:

xss_clean($str[, $is_image = FALSE])

Parameters:
  • $str (string) – Input data
  • $is_image (bool) – Whether we’re dealing with an image

Returns: XSS-clean string

Return type: string

Provides cross-site scripting (XSS) filtering.

This function is an alias for CI_Input::xss_clean(). For more info, please see the Input Library documentation.

sanitize_filename($filename)

Parameters:
  • $filename (string) – Filename

Returns: Sanitized file name

Return type: string

Provides protection against directory traversal.

This function is an alias for CI_Security::sanitize_filename(). For more info, please see the Security Library documentation.

do_hash($str[, $type = 'sha1'])

Parameters:
  • $str (string) – Input
  • $type (string) – Algorithm

Returns: Hex-formatted hash

Return type: string

Permits you to create one-way hashes suitable for encrypting passwords. Will use SHA1 by default.

See hash_algos() for a full list of supported algorithms.

Examples:

$str = do_hash($str); // SHA1
$str = do_hash($str, 'md5'); // MD5

Note

This function was formerly named dohash(), which has been removed in favor of do_hash().

Note

This function is DEPRECATED. Use the native hash() instead.
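
The move the deprecation note points to, as an added example that is not CodeIgniter's own code: a do_hash() value is a single unsalted SHA1 or MD5 digest, which is fast to brute-force, so for stored passwords the code below checks a legacy SHA1 digest in constant time and upgrades it to PHP's password_hash() on a successful login. The function names legacy_do_hash() and verify_and_upgrade(), the 40-hex-character detection rule and the sample password are assumptions made for illustration.

```php
<?php
// Added example, not CodeIgniter code. legacy_do_hash() and
// verify_and_upgrade() are hypothetical names; sample values are constructed.

// Stand-in for the deprecated helper: a plain hex digest via native hash().
function legacy_do_hash($str, $type = 'sha1')
{
    return hash($type, $str);
}

// Check a login against a stored value. Returns array($ok, $new_hash), where
// $new_hash is a password_hash() string to store, or NULL if no upgrade is due.
function verify_and_upgrade($password, $stored)
{
    // Assumption: 40 hex characters means a legacy unsalted SHA1 digest.
    if (preg_match('/^[0-9a-f]{40}$/i', $stored) === 1) {
        // hash_equals() compares in constant time, unlike == or ===.
        $ok = hash_equals(strtolower($stored), legacy_do_hash($password));
        return array($ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : NULL);
    }

    // Anything else is treated as a password_hash() string.
    $ok = password_verify($password, $stored);
    $new = ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT))
        ? password_hash($password, PASSWORD_DEFAULT)
        : NULL;
    return array($ok, $new);
}

// Constructed sample: a record created with the old helper.
$stored = legacy_do_hash('correct horse battery staple');

// First login after migration: legacy digest matches and an upgrade is returned.
list($ok, $upgraded) = verify_and_upgrade('correct horse battery staple', $stored);
var_dump($ok, is_string($upgraded));

// Later login against the upgraded value: verified, no further rehash needed.
list($ok_again, $rehash) = verify_and_upgrade('correct horse battery staple', $upgraded);
var_dump($ok_again, $rehash);

// Wrong password against the legacy record: rejected, nothing to store.
list($ok_wrong, $none) = verify_and_upgrade('wrong guess', $stored);
var_dump($ok_wrong, $none);
```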

strip_image_tags($str)

Parameters:
  • $str (string) – Input string

Returns: The input string with no image tags

Return type: string

This is a security function that will strip image tags from a string. It leaves the image URL as plain text.

Example:

$string = strip_image_tags($string);

This function is an alias for CI_Security::strip_image_tags(). For more info, please see the Security Library documentation.

encode_php_tags($str)

Parameters:
  • $str (string) – Input string

Returns: Safely formatted string

Return type: string

This is a security function that converts PHP tags to entities.

Note

xss_clean() does this automatically, if you use it.

Example:

$string = encode_php_tags($string);