Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 50bff7c06c177f580db956ef5df9a490141de5f6 / . / system / helpers / security_helper.php
blob: 2f3df78348514830b2f60e953d840383bb51a33a [file] [log] [blame]
Andrey Andreeva381d172012-01-06 19:19:37 +0200[diff] [blame]1<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]2/**
3 * CodeIgniter
4 *
Phil Sturgeon07c1ac82012-03-09 17:03:37 +0000[diff] [blame]5 * An open source application development framework for PHP 5.2.4 or newer
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]6 *
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]7 * NOTICE OF LICENSE
Andrey Andreeva381d172012-01-06 19:19:37 +0200[diff] [blame]8 *
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]9 * Licensed under the Open Software License version 3.0
Andrey Andreeva381d172012-01-06 19:19:37 +0200[diff] [blame]10 *
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]11 * This source file is subject to the Open Software License (OSL 3.0) that is
12 * bundled with this package in the files license.txt / license.rst. It is
13 * also available through the world wide web at this URL:
14 * http://opensource.org/licenses/OSL-3.0
15 * If you did not receive a copy of the license and are unable to obtain it
16 * through the world wide web, please send an email to
17 * licensing@ellislab.com so we can send you a copy immediately.
18 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]19 * @package CodeIgniter
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]20 * @author EllisLab Dev Team
Greg Aker0defe5d2012-01-01 18:46:41 -0600[diff] [blame]21 * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]22 * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]23 * @link http://codeigniter.com
24 * @since Version 1.0
25 * @filesource
26 */
27
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]28/**
29 * CodeIgniter Security Helpers
30 *
31 * @package CodeIgniter
32 * @subpackage Helpers
33 * @category Helpers
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]34 * @author EllisLab Dev Team
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]35 * @link http://codeigniter.com/user_guide/helpers/security_helper.html
36 */
37
38// ------------------------------------------------------------------------
39
40/**
41 * XSS Filtering
42 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]43 * @param string
Derek Jonesf0bcb3c2009-02-10 18:40:21 +0000[diff] [blame]44 * @param bool whether or not the content is an image file
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]45 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]46 */
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]47if ( ! function_exists('xss_clean'))
48{
Derek Jonesf0bcb3c2009-02-10 18:40:21 +0000[diff] [blame]49 function xss_clean($str, $is_image = FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]50 {
51 $CI =& get_instance();
Derek Jones11b1e512010-03-05 10:22:44 -0600[diff] [blame]52 return $CI->security->xss_clean($str, $is_image);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]53 }
54}
55
Derek Allard4433f422010-07-23 08:47:34 -0400[diff] [blame]56// ------------------------------------------------------------------------
57
58/**
59 * Sanitize Filename
60 *
Derek Allard4433f422010-07-23 08:47:34 -0400[diff] [blame]61 * @param string
62 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]63 */
Derek Allard4433f422010-07-23 08:47:34 -0400[diff] [blame]64if ( ! function_exists('sanitize_filename'))
65{
66 function sanitize_filename($filename)
67 {
68 $CI =& get_instance();
69 return $CI->security->sanitize_filename($filename);
70 }
71}
72
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]73// --------------------------------------------------------------------
74
75/**
76 * Hash encode a string
77 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]78 * @param string
79 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]80 */
Derek Allard8719a5c2009-10-08 16:42:59 +0000[diff] [blame]81if ( ! function_exists('do_hash'))
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]82{
Derek Allard8719a5c2009-10-08 16:42:59 +0000[diff] [blame]83 function do_hash($str, $type = 'sha1')
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]84 {
Andrey Andreev50bff7c2012-03-19 12:16:38 +0200[diff] [blame^]85 if ( ! in_array($type, hash_algos()))
86 {
87 $type = 'md5';
88 }
89
freewil8840c962012-03-18 15:23:09 -0400[diff] [blame]90 return hash($type, $str);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]91 }
92}
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]93
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]94// ------------------------------------------------------------------------
95
96/**
97 * Strip Image Tags
98 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]99 * @param string
100 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]101 */
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]102if ( ! function_exists('strip_image_tags'))
103{
104 function strip_image_tags($str)
105 {
Andrey Andreev50bff7c2012-03-19 12:16:38 +0200[diff] [blame^]106 return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]107 }
108}
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]109
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]110// ------------------------------------------------------------------------
111
112/**
113 * Convert PHP tags to entities
114 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]115 * @param string
116 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]117 */
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]118if ( ! function_exists('encode_php_tags'))
119{
120 function encode_php_tags($str)
121 {
Derek Jones37f4b9c2011-07-01 17:56:50 -0500[diff] [blame]122 return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]123 }
124}
125
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]126/* End of file security_helper.php */
Andrey Andreeva381d172012-01-06 19:19:37 +0200[diff] [blame]127/* Location: ./system/helpers/security_helper.php */