Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 74fc69384aea5f5712e1d2e5c17bee8ef8128bce / . / system / helpers / security_helper.php
blob: b931c3393562b1752822edfb79fd9efc7a3d5eac [file] [log] [blame]
Andrey Andreevc5536aa2012-11-01 17:33:58 +0200[diff] [blame]1<?php
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]2/**
3 * CodeIgniter
4 *
Andrey Andreevfe9309d2015-01-09 17:48:58 +0200[diff] [blame]5 * An open source application development framework for PHP
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]6 *
Andrey Andreevbdb96ca2014-10-28 00:13:31 +0200[diff] [blame]7 * This content is released under the MIT License (MIT)
Andrey Andreeva381d172012-01-06 19:19:37 +0200[diff] [blame]8 *
Instructor, BCIT0e59db62019-01-01 08:34:36 -0800[diff] [blame]9 * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
Andrey Andreeva381d172012-01-06 19:19:37 +0200[diff] [blame]10 *
Andrey Andreevbdb96ca2014-10-28 00:13:31 +0200[diff] [blame]11 * Permission is hereby granted, free of charge, to any person obtaining a copy
12 * of this software and associated documentation files (the "Software"), to deal
13 * in the Software without restriction, including without limitation the rights
14 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
15 * copies of the Software, and to permit persons to whom the Software is
16 * furnished to do so, subject to the following conditions:
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]17 *
Andrey Andreevbdb96ca2014-10-28 00:13:31 +0200[diff] [blame]18 * The above copyright notice and this permission notice shall be included in
19 * all copies or substantial portions of the Software.
20 *
21 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
22 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
23 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
24 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
25 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
26 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 * THE SOFTWARE.
28 *
29 * @package CodeIgniter
30 * @author EllisLab Dev Team
Andrey Andreev1924e872016-01-11 12:55:34 +0200[diff] [blame]31 * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
Instructor, BCIT0e59db62019-01-01 08:34:36 -0800[diff] [blame]32 * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
33 * @license https://opensource.org/licenses/MIT MIT License
Andrey Andreevbd202c92016-01-11 12:50:18 +0200[diff] [blame]34 * @link https://codeigniter.com
Andrey Andreevbdb96ca2014-10-28 00:13:31 +0200[diff] [blame]35 * @since Version 1.0.0
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]36 * @filesource
37 */
Andrey Andreevc5536aa2012-11-01 17:33:58 +0200[diff] [blame]38defined('BASEPATH') OR exit('No direct script access allowed');
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]39
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]40/**
41 * CodeIgniter Security Helpers
42 *
43 * @package CodeIgniter
44 * @subpackage Helpers
45 * @category Helpers
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]46 * @author EllisLab Dev Team
Andrey Andreevbd202c92016-01-11 12:50:18 +0200[diff] [blame]47 * @link https://codeigniter.com/user_guide/helpers/security_helper.html
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]48 */
49
50// ------------------------------------------------------------------------
51
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]52if ( ! function_exists('xss_clean'))
53{
Timothy Warrenb75faa12012-04-27 12:03:32 -0400[diff] [blame]54 /**
55 * XSS Filtering
56 *
57 * @param string
58 * @param bool whether or not the content is an image file
59 * @return string
60 */
Derek Jonesf0bcb3c2009-02-10 18:40:21 +0000[diff] [blame]61 function xss_clean($str, $is_image = FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]62 {
Andrey Andreev119d8a72014-01-08 15:27:53 +0200[diff] [blame]63 return get_instance()->security->xss_clean($str, $is_image);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]64 }
65}
66
Derek Allard4433f422010-07-23 08:47:34 -0400[diff] [blame]67// ------------------------------------------------------------------------
68
Derek Allard4433f422010-07-23 08:47:34 -0400[diff] [blame]69if ( ! function_exists('sanitize_filename'))
70{
Timothy Warrenb75faa12012-04-27 12:03:32 -0400[diff] [blame]71 /**
72 * Sanitize Filename
73 *
74 * @param string
75 * @return string
76 */
Derek Allard4433f422010-07-23 08:47:34 -0400[diff] [blame]77 function sanitize_filename($filename)
78 {
Andrey Andreev119d8a72014-01-08 15:27:53 +0200[diff] [blame]79 return get_instance()->security->sanitize_filename($filename);
Derek Allard4433f422010-07-23 08:47:34 -0400[diff] [blame]80 }
81}
82
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]83// --------------------------------------------------------------------
84
Derek Allard8719a5c2009-10-08 16:42:59 +0000[diff] [blame]85if ( ! function_exists('do_hash'))
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]86{
Timothy Warrenb75faa12012-04-27 12:03:32 -0400[diff] [blame]87 /**
88 * Hash encode a string
89 *
Andrey Andreev29d909d2012-10-27 01:05:09 +0300[diff] [blame]90 * @todo Remove in version 3.1+.
91 * @deprecated 3.0.0 Use PHP's native hash() instead.
92 * @param string $str
93 * @param string $type = 'sha1'
Timothy Warrenb75faa12012-04-27 12:03:32 -0400[diff] [blame]94 * @return string
95 */
Derek Allard8719a5c2009-10-08 16:42:59 +0000[diff] [blame]96 function do_hash($str, $type = 'sha1')
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]97 {
Andrey Andreev7eea3062012-03-19 12:58:45 +0200[diff] [blame]98 if ( ! in_array(strtolower($type), hash_algos()))
Andrey Andreev50bff7c2012-03-19 12:16:38 +0200[diff] [blame]99 {
100 $type = 'md5';
101 }
102
freewil8840c962012-03-18 15:23:09 -0400[diff] [blame]103 return hash($type, $str);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]104 }
105}
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]106
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]107// ------------------------------------------------------------------------
108
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]109if ( ! function_exists('strip_image_tags'))
110{
Timothy Warrenb75faa12012-04-27 12:03:32 -0400[diff] [blame]111 /**
112 * Strip Image Tags
113 *
114 * @param string
115 * @return string
116 */
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]117 function strip_image_tags($str)
118 {
Andrey Andreev119d8a72014-01-08 15:27:53 +0200[diff] [blame]119 return get_instance()->security->strip_image_tags($str);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]120 }
121}
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]122
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]123// ------------------------------------------------------------------------
124
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]125if ( ! function_exists('encode_php_tags'))
126{
Timothy Warrenb75faa12012-04-27 12:03:32 -0400[diff] [blame]127 /**
128 * Convert PHP tags to entities
129 *
130 * @param string
131 * @return string
132 */
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]133 function encode_php_tags($str)
134 {
vkeranov3c298dc2012-07-12 11:04:02 +0300[diff] [blame]135 return str_replace(array('<?', '?>'), array('&lt;?', '?&gt;'), $str);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]136 }
137}