###############
Security Helper
###############

The Security Helper file contains security-related functions.

.. contents::
  :local:

.. raw:: html

  <div class="custom-index container"></div>

Loading this Helper
===================

This helper is loaded using the following code::

	$this->load->helper('security');

Available Functions
===================

The following functions are available:


.. php:function:: xss_clean($str[, $is_image = FALSE])

	:param	string	$str: Input data
	:param	bool	$is_image: Whether we're dealing with an image
	:returns:	XSS-clean string
	:rtype:	string

	Provides Cross-Site Scripting (XSS) filtering.

	This function is an alias for ``CI_Input::xss_clean()``. For more info,
	please see the :doc:`Input Library <../libraries/input>` documentation.

.. php:function:: sanitize_filename($filename)

	:param	string	$filename: Filename
	:returns:	Sanitized file name
	:rtype:	string

	Provides protection against directory traversal.

	This function is an alias for ``CI_Security::sanitize_filename()``.
	For more info, please see the :doc:`Security Library <../libraries/security>`
	documentation.


.. php:function:: do_hash($str[, $type = 'sha1'])

	:param	string	$str: Input
	:param	string	$type: Algorithm
	:returns:	Hex-formatted hash
	:rtype:	string

	Permits you to create one-way hashes suitable for encrypting
	passwords. Uses SHA1 by default.

	See `hash_algos() <http://php.net/function.hash_algos>`_
	for a full list of supported algorithms.

	Examples::

		$str = do_hash($str); // SHA1
		$str = do_hash($str, 'md5'); // MD5

	.. note:: This function was formerly named ``dohash()``, which has been
		removed in favor of ``do_hash()``.

	.. note:: This function is DEPRECATED. Use the native ``hash()`` instead.


.. php:function:: strip_image_tags($str)

	:param	string	$str: Input string
	:returns:	The input string with no image tags
	:rtype:	string

	This is a security function that will strip image tags from a string.
	It leaves the image URL as plain text.

	Example::

		$string = strip_image_tags($string);

	This function is an alias for ``CI_Security::strip_image_tags()``. For
	more info, please see the :doc:`Security Library <../libraries/security>`
	documentation.


.. php:function:: encode_php_tags($str)

	:param	string	$str: Input string
	:returns:	Safely formatted string
	:rtype:	string

	This is a security function that converts PHP tags to entities.

	.. note:: :php:func:`xss_clean()` does this automatically, if you use it.

	Example::

		$string = encode_php_tags($string);
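
As an added example (not code from the CodeIgniter user guide), here is a CodeIgniter 3 controller that runs the helper functions above over untrusted request data and replaces the deprecated ``do_hash()`` with the native ``hash()``; the controller name, the ``store_note()`` method and the ``notes``/``userfile`` field names are assumptions:

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Added example, not part of the CodeIgniter user guide: a CI 3 controller
// that applies the Security Helper to client-controlled input before storage.
class Upload_notes extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->helper('security');
    }

    public function save()
    {
        // Untrusted inputs: a filename chosen by the client and free-text notes
        // (field names "userfile" and "notes" are assumed for this example).
        $client_name = isset($_FILES['userfile']['name']) ? $_FILES['userfile']['name'] : 'upload.bin';
        $notes       = (string) $this->input->post('notes');

        // sanitize_filename() removes directory-traversal sequences such as "../"
        // and other characters that must never reach the filesystem layer.
        $safe_name = sanitize_filename($client_name);

        // encode_php_tags() converts "<?php" and "?>" to entities, so stored
        // notes cannot be interpreted as PHP if they are later echoed or included.
        $notes = encode_php_tags($notes);

        // strip_image_tags() replaces <img ...> with its URL as plain text,
        // for contexts where embedded images are not allowed.
        $notes = strip_image_tags($notes);

        // Full XSS filtering for text that will be rendered as HTML.
        $notes = xss_clean($notes);

        // do_hash($notes, 'sha256') is deprecated; the native hash() returns the
        // same hex digest. Used here as an integrity checksum of the stored text,
        // not as a password hash (SHA1/MD5 are not suitable for passwords).
        $integrity = hash('sha256', $notes);

        // store_note() is a hypothetical model/helper that persists the record.
        $this->store_note($safe_name, $notes, $integrity);
    }
}
```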