Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 6b488674368cf695a228e87e7d8e0f4f40fe4181 / . / system / helpers / security_helper.php
blob: 678dac8219b29a0132846bdd7c9859718ca912be [file] [log] [blame]
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]1<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
2/**
3 * CodeIgniter
4 *
Greg Aker741de1c2010-11-10 14:52:57 -0600[diff] [blame]5 * An open source application development framework for PHP 5.1.6 or newer
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]6 *
7 * @package CodeIgniter
8 * @author ExpressionEngine Dev Team
Greg Aker0711dc82011-01-05 10:49:40 -0600[diff] [blame]9 * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]10 * @license http://codeigniter.com/user_guide/license.html
11 * @link http://codeigniter.com
12 * @since Version 1.0
13 * @filesource
14 */
15
16// ------------------------------------------------------------------------
17
18/**
19 * CodeIgniter Security Helpers
20 *
21 * @package CodeIgniter
22 * @subpackage Helpers
23 * @category Helpers
24 * @author ExpressionEngine Dev Team
25 * @link http://codeigniter.com/user_guide/helpers/security_helper.html
26 */
27
28// ------------------------------------------------------------------------
29
30/**
31 * XSS Filtering
32 *
33 * @access public
34 * @param string
Derek Jonesf0bcb3c2009-02-10 18:40:21 +0000[diff] [blame]35 * @param bool whether or not the content is an image file
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]36 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]37 */
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]38if ( ! function_exists('xss_clean'))
39{
Derek Jonesf0bcb3c2009-02-10 18:40:21 +0000[diff] [blame]40 function xss_clean($str, $is_image = FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]41 {
42 $CI =& get_instance();
Derek Jones11b1e512010-03-05 10:22:44 -0600[diff] [blame]43 return $CI->security->xss_clean($str, $is_image);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]44 }
45}
46
Derek Allard4433f422010-07-23 08:47:34 -0400[diff] [blame]47// ------------------------------------------------------------------------
48
49/**
50 * Sanitize Filename
51 *
52 * @access public
53 * @param string
54 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]55 */
Derek Allard4433f422010-07-23 08:47:34 -0400[diff] [blame]56if ( ! function_exists('sanitize_filename'))
57{
58 function sanitize_filename($filename)
59 {
60 $CI =& get_instance();
61 return $CI->security->sanitize_filename($filename);
62 }
63}
64
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]65// --------------------------------------------------------------------
66
67/**
68 * Hash encode a string
69 *
70 * @access public
71 * @param string
72 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]73 */
Derek Allard8719a5c2009-10-08 16:42:59 +0000[diff] [blame]74if ( ! function_exists('do_hash'))
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]75{
Derek Allard8719a5c2009-10-08 16:42:59 +0000[diff] [blame]76 function do_hash($str, $type = 'sha1')
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]77 {
78 if ($type == 'sha1')
79 {
Pascal Kriete6b488672011-04-05 15:02:15 -0400[diff] [blame^]80 return sha1($str);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]81 }
82 else
83 {
84 return md5($str);
85 }
86 }
87}
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]88
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]89// ------------------------------------------------------------------------
90
91/**
92 * Strip Image Tags
93 *
94 * @access public
95 * @param string
96 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]97 */
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]98if ( ! function_exists('strip_image_tags'))
99{
100 function strip_image_tags($str)
101 {
102 $str = preg_replace("#<img\s+.*?src\s*=\s*[\"'](.+?)[\"'].*?\>#", "\\1", $str);
103 $str = preg_replace("#<img\s+.*?src\s*=\s*(.+?).*?\>#", "\\1", $str);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]104
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]105 return $str;
106 }
107}
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]108
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]109// ------------------------------------------------------------------------
110
111/**
112 * Convert PHP tags to entities
113 *
114 * @access public
115 * @param string
116 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]117 */
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]118if ( ! function_exists('encode_php_tags'))
119{
120 function encode_php_tags($str)
121 {
122 return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
123 }
124}
125
126
127/* End of file security_helper.php */
Derek Jonesa3ffbbb2008-05-11 18:18:29 +0000[diff] [blame]128/* Location: ./system/helpers/security_helper.php */