Blame - user_guide/libraries/security.html - code-igniter-v3-giggi

blob: 7177b1ce13e69435c6eb6c21bc56f7011f4f068a [file] [log] [blame]

Andrey Andreev	c576995	2019-01-16 17:49:35 +0200	[diff] [blame]	1
				2
				3	<!DOCTYPE html>
				4	<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
				5	<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
				6	<head>
				7	<meta charset="utf-8">
				8	<meta name="viewport" content="width=device-width, initial-scale=1.0">
				9
				10	<title>Security Class — CodeIgniter 3.1.10 documentation</title>
				11
				12
				13
				14
				15	<link rel="shortcut icon" href="../_static/ci-icon.ico"/>
				16
				17
				18
				19	<link href='https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic\|Roboto+Slab:400,700\|Inconsolata:400,700&subset=latin,cyrillic' rel='stylesheet' type='text/css'>
				20
				21
				22
				23
				24
				25
				26
				27
				28
				29	<link rel="stylesheet" href="../_static/css/citheme.css" type="text/css" />
				30
				31
				32
				33	<link rel="index" title="Index"
				34	href="../genindex.html"/>
				35	<link rel="search" title="Search" href="../search.html"/>
				36	<link rel="top" title="CodeIgniter 3.1.10 documentation" href="../index.html"/>
				37	<link rel="up" title="Libraries" href="index.html"/>
				38	<link rel="next" title="Session Library" href="sessions.html"/>
				39	<link rel="prev" title="Template Parser Class" href="parser.html"/>
				40
				41
				42	<script src="https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.6.2/modernizr.min.js"></script>
				43
				44	</head>
				45
				46	<body class="wy-body-for-nav" role="document">
				47
				48	<div id="nav">
				49	<div id="nav_inner">
				50
				51
				52
				53	<div id="pulldown-menu" class="ciNav">
				54	<ul>
				55	<li class="toctree-l1"><a class="reference internal" href="../general/welcome.html">Welcome to CodeIgniter</a></li>
				56	</ul>
				57	<ul>
				58	<li class="toctree-l1"><a class="reference internal" href="../installation/index.html">Installation Instructions</a><ul>
				59	<li class="toctree-l2"><a class="reference internal" href="../installation/downloads.html">Downloading CodeIgniter</a></li>
				60	<li class="toctree-l2"><a class="reference internal" href="../installation/index.html">Installation Instructions</a></li>
				61	<li class="toctree-l2"><a class="reference internal" href="../installation/upgrading.html">Upgrading From a Previous Version</a></li>
				62	<li class="toctree-l2"><a class="reference internal" href="../installation/troubleshooting.html">Troubleshooting</a></li>
				63	</ul>
				64	</li>
				65	</ul>
				66	<ul>
				67	<li class="toctree-l1"><a class="reference internal" href="../overview/index.html">CodeIgniter Overview</a><ul>
				68	<li class="toctree-l2"><a class="reference internal" href="../overview/getting_started.html">Getting Started</a></li>
				69	<li class="toctree-l2"><a class="reference internal" href="../overview/at_a_glance.html">CodeIgniter at a Glance</a></li>
				70	<li class="toctree-l2"><a class="reference internal" href="../overview/features.html">Supported Features</a></li>
				71	<li class="toctree-l2"><a class="reference internal" href="../overview/appflow.html">Application Flow Chart</a></li>
				72	<li class="toctree-l2"><a class="reference internal" href="../overview/mvc.html">Model-View-Controller</a></li>
				73	<li class="toctree-l2"><a class="reference internal" href="../overview/goals.html">Architectural Goals</a></li>
				74	</ul>
				75	</li>
				76	</ul>
				77	<ul>
				78	<li class="toctree-l1"><a class="reference internal" href="../tutorial/index.html">Tutorial</a><ul>
				79	<li class="toctree-l2"><a class="reference internal" href="../tutorial/static_pages.html">Static pages</a></li>
				80	<li class="toctree-l2"><a class="reference internal" href="../tutorial/news_section.html">News section</a></li>
				81	<li class="toctree-l2"><a class="reference internal" href="../tutorial/create_news_items.html">Create news items</a></li>
				82	<li class="toctree-l2"><a class="reference internal" href="../tutorial/conclusion.html">Conclusion</a></li>
				83	</ul>
				84	</li>
				85	</ul>
				86	<ul>
				87	<li class="toctree-l1"><a class="reference internal" href="../contributing/index.html">Contributing to CodeIgniter</a><ul>
				88	<li class="toctree-l2"><a class="reference internal" href="../documentation/index.html">Writing CodeIgniter Documentation</a></li>
				89	<li class="toctree-l2"><a class="reference internal" href="../DCO.html">Developer’s Certificate of Origin 1.1</a></li>
				90	</ul>
				91	</li>
				92	</ul>
				93	<ul>
				94	<li class="toctree-l1"><a class="reference internal" href="../general/index.html">General Topics</a><ul>
				95	<li class="toctree-l2"><a class="reference internal" href="../general/urls.html">CodeIgniter URLs</a></li>
				96	<li class="toctree-l2"><a class="reference internal" href="../general/controllers.html">Controllers</a></li>
				97	<li class="toctree-l2"><a class="reference internal" href="../general/reserved_names.html">Reserved Names</a></li>
				98	<li class="toctree-l2"><a class="reference internal" href="../general/views.html">Views</a></li>
				99	<li class="toctree-l2"><a class="reference internal" href="../general/models.html">Models</a></li>
				100	<li class="toctree-l2"><a class="reference internal" href="../general/helpers.html">Helpers</a></li>
				101	<li class="toctree-l2"><a class="reference internal" href="../general/libraries.html">Using CodeIgniter Libraries</a></li>
				102	<li class="toctree-l2"><a class="reference internal" href="../general/creating_libraries.html">Creating Libraries</a></li>
				103	<li class="toctree-l2"><a class="reference internal" href="../general/drivers.html">Using CodeIgniter Drivers</a></li>
				104	<li class="toctree-l2"><a class="reference internal" href="../general/creating_drivers.html">Creating Drivers</a></li>
				105	<li class="toctree-l2"><a class="reference internal" href="../general/core_classes.html">Creating Core System Classes</a></li>
				106	<li class="toctree-l2"><a class="reference internal" href="../general/ancillary_classes.html">Creating Ancillary Classes</a></li>
				107	<li class="toctree-l2"><a class="reference internal" href="../general/hooks.html">Hooks - Extending the Framework Core</a></li>
				108	<li class="toctree-l2"><a class="reference internal" href="../general/autoloader.html">Auto-loading Resources</a></li>
				109	<li class="toctree-l2"><a class="reference internal" href="../general/common_functions.html">Common Functions</a></li>
				110	<li class="toctree-l2"><a class="reference internal" href="../general/compatibility_functions.html">Compatibility Functions</a></li>
				111	<li class="toctree-l2"><a class="reference internal" href="../general/routing.html">URI Routing</a></li>
				112	<li class="toctree-l2"><a class="reference internal" href="../general/errors.html">Error Handling</a></li>
				113	<li class="toctree-l2"><a class="reference internal" href="../general/caching.html">Caching</a></li>
				114	<li class="toctree-l2"><a class="reference internal" href="../general/profiling.html">Profiling Your Application</a></li>
				115	<li class="toctree-l2"><a class="reference internal" href="../general/cli.html">Running via the CLI</a></li>
				116	<li class="toctree-l2"><a class="reference internal" href="../general/managing_apps.html">Managing your Applications</a></li>
				117	<li class="toctree-l2"><a class="reference internal" href="../general/environments.html">Handling Multiple Environments</a></li>
				118	<li class="toctree-l2"><a class="reference internal" href="../general/alternative_php.html">Alternate PHP Syntax for View Files</a></li>
				119	<li class="toctree-l2"><a class="reference internal" href="../general/security.html">Security</a></li>
				120	<li class="toctree-l2"><a class="reference internal" href="../general/styleguide.html">PHP Style Guide</a></li>
				121	</ul>
				122	</li>
				123	</ul>
				124	<ul class="current">
				125	<li class="toctree-l1 current"><a class="reference internal" href="index.html">Libraries</a><ul class="current">
				126	<li class="toctree-l2"><a class="reference internal" href="benchmark.html">Benchmarking Class</a></li>
				127	<li class="toctree-l2"><a class="reference internal" href="caching.html">Caching Driver</a></li>
				128	<li class="toctree-l2"><a class="reference internal" href="calendar.html">Calendaring Class</a></li>
				129	<li class="toctree-l2"><a class="reference internal" href="cart.html">Shopping Cart Class</a></li>
				130	<li class="toctree-l2"><a class="reference internal" href="config.html">Config Class</a></li>
				131	<li class="toctree-l2"><a class="reference internal" href="email.html">Email Class</a></li>
				132	<li class="toctree-l2"><a class="reference internal" href="encrypt.html">Encrypt Class</a></li>
				133	<li class="toctree-l2"><a class="reference internal" href="encryption.html">Encryption Library</a></li>
				134	<li class="toctree-l2"><a class="reference internal" href="file_uploading.html">File Uploading Class</a></li>
				135	<li class="toctree-l2"><a class="reference internal" href="form_validation.html">Form Validation</a></li>
				136	<li class="toctree-l2"><a class="reference internal" href="ftp.html">FTP Class</a></li>
				137	<li class="toctree-l2"><a class="reference internal" href="image_lib.html">Image Manipulation Class</a></li>
				138	<li class="toctree-l2"><a class="reference internal" href="input.html">Input Class</a></li>
				139	<li class="toctree-l2"><a class="reference internal" href="javascript.html">Javascript Class</a></li>
				140	<li class="toctree-l2"><a class="reference internal" href="language.html">Language Class</a></li>
				141	<li class="toctree-l2"><a class="reference internal" href="loader.html">Loader Class</a></li>
				142	<li class="toctree-l2"><a class="reference internal" href="migration.html">Migrations Class</a></li>
				143	<li class="toctree-l2"><a class="reference internal" href="output.html">Output Class</a></li>
				144	<li class="toctree-l2"><a class="reference internal" href="pagination.html">Pagination Class</a></li>
				145	<li class="toctree-l2"><a class="reference internal" href="parser.html">Template Parser Class</a></li>
				146	<li class="toctree-l2 current"><a class="current reference internal" href="#">Security Class</a></li>
				147	<li class="toctree-l2"><a class="reference internal" href="sessions.html">Session Library</a></li>
				148	<li class="toctree-l2"><a class="reference internal" href="table.html">HTML Table Class</a></li>
				149	<li class="toctree-l2"><a class="reference internal" href="trackback.html">Trackback Class</a></li>
				150	<li class="toctree-l2"><a class="reference internal" href="typography.html">Typography Class</a></li>
				151	<li class="toctree-l2"><a class="reference internal" href="unit_testing.html">Unit Testing Class</a></li>
				152	<li class="toctree-l2"><a class="reference internal" href="uri.html">URI Class</a></li>
				153	<li class="toctree-l2"><a class="reference internal" href="user_agent.html">User Agent Class</a></li>
				154	<li class="toctree-l2"><a class="reference internal" href="xmlrpc.html">XML-RPC and XML-RPC Server Classes</a></li>
				155	<li class="toctree-l2"><a class="reference internal" href="zip.html">Zip Encoding Class</a></li>
				156	</ul>
				157	</li>
				158	</ul>
				159	<ul>
				160	<li class="toctree-l1"><a class="reference internal" href="../database/index.html">Database Reference</a><ul>
				161	<li class="toctree-l2"><a class="reference internal" href="../database/examples.html">Quick Start: Usage Examples</a></li>
				162	<li class="toctree-l2"><a class="reference internal" href="../database/configuration.html">Database Configuration</a></li>
				163	<li class="toctree-l2"><a class="reference internal" href="../database/connecting.html">Connecting to a Database</a></li>
				164	<li class="toctree-l2"><a class="reference internal" href="../database/queries.html">Running Queries</a></li>
				165	<li class="toctree-l2"><a class="reference internal" href="../database/results.html">Generating Query Results</a></li>
				166	<li class="toctree-l2"><a class="reference internal" href="../database/helpers.html">Query Helper Functions</a></li>
				167	<li class="toctree-l2"><a class="reference internal" href="../database/query_builder.html">Query Builder Class</a></li>
				168	<li class="toctree-l2"><a class="reference internal" href="../database/transactions.html">Transactions</a></li>
				169	<li class="toctree-l2"><a class="reference internal" href="../database/metadata.html">Getting MetaData</a></li>
				170	<li class="toctree-l2"><a class="reference internal" href="../database/call_function.html">Custom Function Calls</a></li>
				171	<li class="toctree-l2"><a class="reference internal" href="../database/caching.html">Query Caching</a></li>
				172	<li class="toctree-l2"><a class="reference internal" href="../database/forge.html">Database Manipulation with Database Forge</a></li>
				173	<li class="toctree-l2"><a class="reference internal" href="../database/utilities.html">Database Utilities Class</a></li>
				174	<li class="toctree-l2"><a class="reference internal" href="../database/db_driver_reference.html">Database Driver Reference</a></li>
				175	</ul>
				176	</li>
				177	</ul>
				178	<ul>
				179	<li class="toctree-l1"><a class="reference internal" href="../helpers/index.html">Helpers</a><ul>
				180	<li class="toctree-l2"><a class="reference internal" href="../helpers/array_helper.html">Array Helper</a></li>
				181	<li class="toctree-l2"><a class="reference internal" href="../helpers/captcha_helper.html">CAPTCHA Helper</a></li>
				182	<li class="toctree-l2"><a class="reference internal" href="../helpers/cookie_helper.html">Cookie Helper</a></li>
				183	<li class="toctree-l2"><a class="reference internal" href="../helpers/date_helper.html">Date Helper</a></li>
				184	<li class="toctree-l2"><a class="reference internal" href="../helpers/directory_helper.html">Directory Helper</a></li>
				185	<li class="toctree-l2"><a class="reference internal" href="../helpers/download_helper.html">Download Helper</a></li>
				186	<li class="toctree-l2"><a class="reference internal" href="../helpers/email_helper.html">Email Helper</a></li>
				187	<li class="toctree-l2"><a class="reference internal" href="../helpers/file_helper.html">File Helper</a></li>
				188	<li class="toctree-l2"><a class="reference internal" href="../helpers/form_helper.html">Form Helper</a></li>
				189	<li class="toctree-l2"><a class="reference internal" href="../helpers/html_helper.html">HTML Helper</a></li>
				190	<li class="toctree-l2"><a class="reference internal" href="../helpers/inflector_helper.html">Inflector Helper</a></li>
				191	<li class="toctree-l2"><a class="reference internal" href="../helpers/language_helper.html">Language Helper</a></li>
				192	<li class="toctree-l2"><a class="reference internal" href="../helpers/number_helper.html">Number Helper</a></li>
				193	<li class="toctree-l2"><a class="reference internal" href="../helpers/path_helper.html">Path Helper</a></li>
				194	<li class="toctree-l2"><a class="reference internal" href="../helpers/security_helper.html">Security Helper</a></li>
				195	<li class="toctree-l2"><a class="reference internal" href="../helpers/smiley_helper.html">Smiley Helper</a></li>
				196	<li class="toctree-l2"><a class="reference internal" href="../helpers/string_helper.html">String Helper</a></li>
				197	<li class="toctree-l2"><a class="reference internal" href="../helpers/text_helper.html">Text Helper</a></li>
				198	<li class="toctree-l2"><a class="reference internal" href="../helpers/typography_helper.html">Typography Helper</a></li>
				199	<li class="toctree-l2"><a class="reference internal" href="../helpers/url_helper.html">URL Helper</a></li>
				200	<li class="toctree-l2"><a class="reference internal" href="../helpers/xml_helper.html">XML Helper</a></li>
				201	</ul>
				202	</li>
				203	</ul>
				204
				205	</div>
				206
				207
				208	</div>
				209	</div>
				210	<div id="nav2">
				211	<a href="#" id="openToc">
				212	<img src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAARgAA/+4ADkFkb2JlAGTAAAAAAf/bAIQABAMDAwMDBAMDBAYEAwQGBwUEBAUHCAYGBwYGCAoICQkJCQgKCgwMDAwMCgwMDQ0MDBERERERFBQUFBQUFBQUFAEEBQUIBwgPCgoPFA4ODhQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU/8AAEQgAKwCaAwERAAIRAQMRAf/EAHsAAQAABwEBAAAAAAAAAAAAAAABAwQFBgcIAgkBAQAAAAAAAAAAAAAAAAAAAAAQAAEDAwICBwYEAgsAAAAAAAIBAwQAEQUSBiEHkROTVNQWGDFBUVIUCHEiMtOUFWGBobHRQlMkZIRVEQEAAAAAAAAAAAAAAAAAAAAA/9oADAMBAAIRAxEAPwDSC+ygkOOaUoKigUCgUCgUCgUCgUCgUCgUCgkuGguIP9FBMFb0Hqg7We+3jlmIqqYFf4ub+/QYlnOR/LqIBKGFUbf8qWv971BytQXXE7Y3Lnm3HsFhp2TaZJAdchRXpIgSpdEJWxJEW3xoKV7F5OMy7JkQn2o7D6w33XGjEAkoiqrJEqIiOIiKuhePCgqp22dyYyS3CyWHnQ5joG61HkRnmnTbaFSMhExRVQRRVJU9iUHjE7ez+fJ0MFipmUNhBV8YUd2SoIV9KkjQla9ltegttBdPLW4/qocL+UTfrMiHW4+P9M71shuyrqaHTcxsl7jegpsji8nh5ZwMvDfgTm0RTjSmjYdFCS6KoOIipdFunCgmNYTMv457MMY6U7iI6oMieDDhRm1VbIhuoOkbqtuK0Hpzb+eZcYZexUxt6UyUqK2cd0SdjtgrhOgijcgERUlJOCIl6CpgbP3blRI8XgMjNARAyKNDfeRBdFDBVUAXgQrqH4pxoJTu2NysY97LP4ac1io5q1InHFeGO24LnVKJuKOkSQ/yKir+rh7aCLG1dzypZQI2FnvTgccYOM3FeN0XWERXAUEFVQgQkUktdLpegm+Td3/Xli/L+S/mYNJIOF9G/wBeLKrZHFb0akG6W1WtQWSg3Dyg5e7V3fipE3O4/wCrktyzYA+ufas2LbZIlmnAT2kvuoN1wft95augilglX/tzP3qCu9O3LL/wV/i5v79BvmTADq14UGu91467Z6U9y0HzH/ncj/U/sT/CgynZG7I2NezpZGUjIycJkYkZSG+uQ81pbBNKLxJfjwoMqZ3/ALYHl35AJ7/cuwHcu5k7r1Q5pHetBjquqVVJWGxj9Zrtcl/Ggy3dHMvauR3HFZj5nHNxSyW5JISYDMoIwx8tFIGHZhPNaykGapr6rUAiicEoMG21lMRj8buPAz8xhJrr7uOeiPTCyAwXUaGR1mgozbTusOsFLEiJ7fbQa/h7gcjy2H3V6xppwDNtUSxCJIqp7valBuWVzJ22xuCROXNNZiJkMtms0DbjUkAZjzoDrTMd9dDRI44ZC2YsrYdKWP2WDT2S3N9dNdlRYrGMYc06IURXSYb0igrpWS485xVNS6nF4rwslkoMwnbpgZLB7bmt5uMweAhDEl4B5uSLzzqTnnyVpW2jaJHRMSIjdDiiotvy3DOE5rYTEbkl5yFn28k7JyG4c7AU2HtLH1uKfaiMPI40CdYbpNtmLdwTSn5rewLNld+7TLdeal4WarWBkbVKBjgdElMJJwAAY5fl4kB3b1fp4XvagsGS3FjJfLzDNtS8aeXx7LzT7TyzByQE5PccRGRC0ZRUDRV6y62vbjagzLmJzS2vuPK43JY6aP1TW6Jz+RIWyFtyC06y3EkiiinAo7YCqfq1AqqnGgsOH3lhZO8d1pmcpB8j5XIm9OYlBJSQ/FSS4427DKO0RC8AlcEMhFdViRR1WDWR5t3WXVuL1d106kG9vdeye2g60+1FDyW0shIcXVpyroXt8I8dfd+NB1vioAdWnD3UF1+gD4UFc6CEKpagxXN43rwJLUHz7yX2c8zokt9uHlsPIhA4aRnnHJTLptIS6CNsY7iASpxUUMkReGpfbQW0vtN5pitvrsN28rwtBD0nc0+/Yft5XhaB6TuaXfsP28rwtA9J3NPv2H7eV4Wgek7mn37D9vK8LQPSdzT79h+3leFoHpO5pd+w/byvC0D0nc0u/Yft5XhaB6TuaXfsP28rwtA9J3NLv2H7eV4Wgek7ml37D9vK8LQPSdzS79h+3leFoHpO5p9+w/byvC0E9r7Reazy2HIYVPxkS/CUHVn26cosxyv2g7h89LYmZSXOenvLEQ1YaQ222RATcQCP8rSGqqA8S02W2pQ6FhMoAIlqCtsnwoCpdKClejI4i3Sgtb+GBxVuNBSFt1pV/RQefLjPyUDy4z8lA8uM/JQPLjPyUDy4z8lA8uM/JQPLjPyUDy4z8lA8uM/JQPLjPyUDy4z8lA8utJ/koJ7WCbBU/LQXOPAFq1koK8B0pag90CggtBBf6qB0UDooHRQOigdFA6KB0UDooHRQOigdFA6KB0UDooI0EaBQf//Z" title="Toggle Table of Contents" alt="Toggle Table of Contents" />
				213	</a>
				214	</div>
				215
				216	<div class="wy-grid-for-nav">
				217
				218
				219	<nav data-toggle="wy-nav-shift" class="wy-nav-side">
				220	<div class="wy-side-nav-search">
				221
				222	<a href="../index.html" class="fa fa-home"> CodeIgniter</a>
				223
				224
				225	<div role="search">
				226	<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
				227	<input type="text" name="q" placeholder="Search docs" />
				228	<input type="hidden" name="check_keywords" value="yes" />
				229	<input type="hidden" name="area" value="default" />
				230	</form>
				231	</div>
				232	</div>
				233
				234	<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
				235
				236
				237
				238	<ul>
				239	<li class="toctree-l1"><a class="reference internal" href="../general/welcome.html">Welcome to CodeIgniter</a></li>
				240	</ul>
				241	<ul>
				242	<li class="toctree-l1"><a class="reference internal" href="../installation/index.html">Installation Instructions</a><ul>
				243	<li class="toctree-l2"><a class="reference internal" href="../installation/downloads.html">Downloading CodeIgniter</a></li>
				244	<li class="toctree-l2"><a class="reference internal" href="../installation/index.html">Installation Instructions</a></li>
				245	<li class="toctree-l2"><a class="reference internal" href="../installation/upgrading.html">Upgrading From a Previous Version</a></li>
				246	<li class="toctree-l2"><a class="reference internal" href="../installation/troubleshooting.html">Troubleshooting</a></li>
				247	</ul>
				248	</li>
				249	</ul>
				250	<ul>
				251	<li class="toctree-l1"><a class="reference internal" href="../overview/index.html">CodeIgniter Overview</a><ul>
				252	<li class="toctree-l2"><a class="reference internal" href="../overview/getting_started.html">Getting Started</a></li>
				253	<li class="toctree-l2"><a class="reference internal" href="../overview/at_a_glance.html">CodeIgniter at a Glance</a></li>
				254	<li class="toctree-l2"><a class="reference internal" href="../overview/features.html">Supported Features</a></li>
				255	<li class="toctree-l2"><a class="reference internal" href="../overview/appflow.html">Application Flow Chart</a></li>
				256	<li class="toctree-l2"><a class="reference internal" href="../overview/mvc.html">Model-View-Controller</a></li>
				257	<li class="toctree-l2"><a class="reference internal" href="../overview/goals.html">Architectural Goals</a></li>
				258	</ul>
				259	</li>
				260	</ul>
				261	<ul>
				262	<li class="toctree-l1"><a class="reference internal" href="../tutorial/index.html">Tutorial</a><ul>
				263	<li class="toctree-l2"><a class="reference internal" href="../tutorial/static_pages.html">Static pages</a></li>
				264	<li class="toctree-l2"><a class="reference internal" href="../tutorial/news_section.html">News section</a></li>
				265	<li class="toctree-l2"><a class="reference internal" href="../tutorial/create_news_items.html">Create news items</a></li>
				266	<li class="toctree-l2"><a class="reference internal" href="../tutorial/conclusion.html">Conclusion</a></li>
				267	</ul>
				268	</li>
				269	</ul>
				270	<ul>
				271	<li class="toctree-l1"><a class="reference internal" href="../contributing/index.html">Contributing to CodeIgniter</a><ul>
				272	<li class="toctree-l2"><a class="reference internal" href="../documentation/index.html">Writing CodeIgniter Documentation</a></li>
				273	<li class="toctree-l2"><a class="reference internal" href="../DCO.html">Developer’s Certificate of Origin 1.1</a></li>
				274	</ul>
				275	</li>
				276	</ul>
				277	<ul>
				278	<li class="toctree-l1"><a class="reference internal" href="../general/index.html">General Topics</a><ul>
				279	<li class="toctree-l2"><a class="reference internal" href="../general/urls.html">CodeIgniter URLs</a></li>
				280	<li class="toctree-l2"><a class="reference internal" href="../general/controllers.html">Controllers</a></li>
				281	<li class="toctree-l2"><a class="reference internal" href="../general/reserved_names.html">Reserved Names</a></li>
				282	<li class="toctree-l2"><a class="reference internal" href="../general/views.html">Views</a></li>
				283	<li class="toctree-l2"><a class="reference internal" href="../general/models.html">Models</a></li>
				284	<li class="toctree-l2"><a class="reference internal" href="../general/helpers.html">Helpers</a></li>
				285	<li class="toctree-l2"><a class="reference internal" href="../general/libraries.html">Using CodeIgniter Libraries</a></li>
				286	<li class="toctree-l2"><a class="reference internal" href="../general/creating_libraries.html">Creating Libraries</a></li>
				287	<li class="toctree-l2"><a class="reference internal" href="../general/drivers.html">Using CodeIgniter Drivers</a></li>
				288	<li class="toctree-l2"><a class="reference internal" href="../general/creating_drivers.html">Creating Drivers</a></li>
				289	<li class="toctree-l2"><a class="reference internal" href="../general/core_classes.html">Creating Core System Classes</a></li>
				290	<li class="toctree-l2"><a class="reference internal" href="../general/ancillary_classes.html">Creating Ancillary Classes</a></li>
				291	<li class="toctree-l2"><a class="reference internal" href="../general/hooks.html">Hooks - Extending the Framework Core</a></li>
				292	<li class="toctree-l2"><a class="reference internal" href="../general/autoloader.html">Auto-loading Resources</a></li>
				293	<li class="toctree-l2"><a class="reference internal" href="../general/common_functions.html">Common Functions</a></li>
				294	<li class="toctree-l2"><a class="reference internal" href="../general/compatibility_functions.html">Compatibility Functions</a></li>
				295	<li class="toctree-l2"><a class="reference internal" href="../general/routing.html">URI Routing</a></li>
				296	<li class="toctree-l2"><a class="reference internal" href="../general/errors.html">Error Handling</a></li>
				297	<li class="toctree-l2"><a class="reference internal" href="../general/caching.html">Caching</a></li>
				298	<li class="toctree-l2"><a class="reference internal" href="../general/profiling.html">Profiling Your Application</a></li>
				299	<li class="toctree-l2"><a class="reference internal" href="../general/cli.html">Running via the CLI</a></li>
				300	<li class="toctree-l2"><a class="reference internal" href="../general/managing_apps.html">Managing your Applications</a></li>
				301	<li class="toctree-l2"><a class="reference internal" href="../general/environments.html">Handling Multiple Environments</a></li>
				302	<li class="toctree-l2"><a class="reference internal" href="../general/alternative_php.html">Alternate PHP Syntax for View Files</a></li>
				303	<li class="toctree-l2"><a class="reference internal" href="../general/security.html">Security</a></li>
				304	<li class="toctree-l2"><a class="reference internal" href="../general/styleguide.html">PHP Style Guide</a></li>
				305	</ul>
				306	</li>
				307	</ul>
				308	<ul class="current">
				309	<li class="toctree-l1 current"><a class="reference internal" href="index.html">Libraries</a><ul class="current">
				310	<li class="toctree-l2"><a class="reference internal" href="benchmark.html">Benchmarking Class</a></li>
				311	<li class="toctree-l2"><a class="reference internal" href="caching.html">Caching Driver</a></li>
				312	<li class="toctree-l2"><a class="reference internal" href="calendar.html">Calendaring Class</a></li>
				313	<li class="toctree-l2"><a class="reference internal" href="cart.html">Shopping Cart Class</a></li>
				314	<li class="toctree-l2"><a class="reference internal" href="config.html">Config Class</a></li>
				315	<li class="toctree-l2"><a class="reference internal" href="email.html">Email Class</a></li>
				316	<li class="toctree-l2"><a class="reference internal" href="encrypt.html">Encrypt Class</a></li>
				317	<li class="toctree-l2"><a class="reference internal" href="encryption.html">Encryption Library</a></li>
				318	<li class="toctree-l2"><a class="reference internal" href="file_uploading.html">File Uploading Class</a></li>
				319	<li class="toctree-l2"><a class="reference internal" href="form_validation.html">Form Validation</a></li>
				320	<li class="toctree-l2"><a class="reference internal" href="ftp.html">FTP Class</a></li>
				321	<li class="toctree-l2"><a class="reference internal" href="image_lib.html">Image Manipulation Class</a></li>
				322	<li class="toctree-l2"><a class="reference internal" href="input.html">Input Class</a></li>
				323	<li class="toctree-l2"><a class="reference internal" href="javascript.html">Javascript Class</a></li>
				324	<li class="toctree-l2"><a class="reference internal" href="language.html">Language Class</a></li>
				325	<li class="toctree-l2"><a class="reference internal" href="loader.html">Loader Class</a></li>
				326	<li class="toctree-l2"><a class="reference internal" href="migration.html">Migrations Class</a></li>
				327	<li class="toctree-l2"><a class="reference internal" href="output.html">Output Class</a></li>
				328	<li class="toctree-l2"><a class="reference internal" href="pagination.html">Pagination Class</a></li>
				329	<li class="toctree-l2"><a class="reference internal" href="parser.html">Template Parser Class</a></li>
				330	<li class="toctree-l2 current"><a class="current reference internal" href="#">Security Class</a></li>
				331	<li class="toctree-l2"><a class="reference internal" href="sessions.html">Session Library</a></li>
				332	<li class="toctree-l2"><a class="reference internal" href="table.html">HTML Table Class</a></li>
				333	<li class="toctree-l2"><a class="reference internal" href="trackback.html">Trackback Class</a></li>
				334	<li class="toctree-l2"><a class="reference internal" href="typography.html">Typography Class</a></li>
				335	<li class="toctree-l2"><a class="reference internal" href="unit_testing.html">Unit Testing Class</a></li>
				336	<li class="toctree-l2"><a class="reference internal" href="uri.html">URI Class</a></li>
				337	<li class="toctree-l2"><a class="reference internal" href="user_agent.html">User Agent Class</a></li>
				338	<li class="toctree-l2"><a class="reference internal" href="xmlrpc.html">XML-RPC and XML-RPC Server Classes</a></li>
				339	<li class="toctree-l2"><a class="reference internal" href="zip.html">Zip Encoding Class</a></li>
				340	</ul>
				341	</li>
				342	</ul>
				343	<ul>
				344	<li class="toctree-l1"><a class="reference internal" href="../database/index.html">Database Reference</a><ul>
				345	<li class="toctree-l2"><a class="reference internal" href="../database/examples.html">Quick Start: Usage Examples</a></li>
				346	<li class="toctree-l2"><a class="reference internal" href="../database/configuration.html">Database Configuration</a></li>
				347	<li class="toctree-l2"><a class="reference internal" href="../database/connecting.html">Connecting to a Database</a></li>
				348	<li class="toctree-l2"><a class="reference internal" href="../database/queries.html">Running Queries</a></li>
				349	<li class="toctree-l2"><a class="reference internal" href="../database/results.html">Generating Query Results</a></li>
				350	<li class="toctree-l2"><a class="reference internal" href="../database/helpers.html">Query Helper Functions</a></li>
				351	<li class="toctree-l2"><a class="reference internal" href="../database/query_builder.html">Query Builder Class</a></li>
				352	<li class="toctree-l2"><a class="reference internal" href="../database/transactions.html">Transactions</a></li>
				353	<li class="toctree-l2"><a class="reference internal" href="../database/metadata.html">Getting MetaData</a></li>
				354	<li class="toctree-l2"><a class="reference internal" href="../database/call_function.html">Custom Function Calls</a></li>
				355	<li class="toctree-l2"><a class="reference internal" href="../database/caching.html">Query Caching</a></li>
				356	<li class="toctree-l2"><a class="reference internal" href="../database/forge.html">Database Manipulation with Database Forge</a></li>
				357	<li class="toctree-l2"><a class="reference internal" href="../database/utilities.html">Database Utilities Class</a></li>
				358	<li class="toctree-l2"><a class="reference internal" href="../database/db_driver_reference.html">Database Driver Reference</a></li>
				359	</ul>
				360	</li>
				361	</ul>
				362	<ul>
				363	<li class="toctree-l1"><a class="reference internal" href="../helpers/index.html">Helpers</a><ul>
				364	<li class="toctree-l2"><a class="reference internal" href="../helpers/array_helper.html">Array Helper</a></li>
				365	<li class="toctree-l2"><a class="reference internal" href="../helpers/captcha_helper.html">CAPTCHA Helper</a></li>
				366	<li class="toctree-l2"><a class="reference internal" href="../helpers/cookie_helper.html">Cookie Helper</a></li>
				367	<li class="toctree-l2"><a class="reference internal" href="../helpers/date_helper.html">Date Helper</a></li>
				368	<li class="toctree-l2"><a class="reference internal" href="../helpers/directory_helper.html">Directory Helper</a></li>
				369	<li class="toctree-l2"><a class="reference internal" href="../helpers/download_helper.html">Download Helper</a></li>
				370	<li class="toctree-l2"><a class="reference internal" href="../helpers/email_helper.html">Email Helper</a></li>
				371	<li class="toctree-l2"><a class="reference internal" href="../helpers/file_helper.html">File Helper</a></li>
				372	<li class="toctree-l2"><a class="reference internal" href="../helpers/form_helper.html">Form Helper</a></li>
				373	<li class="toctree-l2"><a class="reference internal" href="../helpers/html_helper.html">HTML Helper</a></li>
				374	<li class="toctree-l2"><a class="reference internal" href="../helpers/inflector_helper.html">Inflector Helper</a></li>
				375	<li class="toctree-l2"><a class="reference internal" href="../helpers/language_helper.html">Language Helper</a></li>
				376	<li class="toctree-l2"><a class="reference internal" href="../helpers/number_helper.html">Number Helper</a></li>
				377	<li class="toctree-l2"><a class="reference internal" href="../helpers/path_helper.html">Path Helper</a></li>
				378	<li class="toctree-l2"><a class="reference internal" href="../helpers/security_helper.html">Security Helper</a></li>
				379	<li class="toctree-l2"><a class="reference internal" href="../helpers/smiley_helper.html">Smiley Helper</a></li>
				380	<li class="toctree-l2"><a class="reference internal" href="../helpers/string_helper.html">String Helper</a></li>
				381	<li class="toctree-l2"><a class="reference internal" href="../helpers/text_helper.html">Text Helper</a></li>
				382	<li class="toctree-l2"><a class="reference internal" href="../helpers/typography_helper.html">Typography Helper</a></li>
				383	<li class="toctree-l2"><a class="reference internal" href="../helpers/url_helper.html">URL Helper</a></li>
				384	<li class="toctree-l2"><a class="reference internal" href="../helpers/xml_helper.html">XML Helper</a></li>
				385	</ul>
				386	</li>
				387	</ul>
				388
				389
				390
				391	</div>
				392
				393	</nav>
				394
				395	<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
				396
				397
				398	<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
				399	<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
				400	<a href="../index.html">CodeIgniter</a>
				401	</nav>
				402
				403
				404
				405	<div class="wy-nav-content">
				406	<div class="rst-content">
				407	<div role="navigation" aria-label="breadcrumbs navigation">
				408	<ul class="wy-breadcrumbs">
				409	<li><a href="../index.html">Docs</a> »</li>
				410
				411	<li><a href="index.html">Libraries</a> »</li>
				412
				413	<li>Security Class</li>
				414	<li class="wy-breadcrumbs-aside">
				415
				416	</li>
				417	<div style="float:right;margin-left:5px;" id="closeMe">
				418	<img title="Classic Layout" alt="classic layout" src="data:image/gif;base64,R0lGODlhFAAUAJEAAAAAADMzM////wAAACH5BAUUAAIALAAAAAAUABQAAAImlI+py+0PU5gRBRDM3DxbWoXis42X13USOLauUIqnlsaH/eY6UwAAOw==" />
				419	</div>
				420	</ul>
				421	<hr/>
				422	</div>
				423	<div role="main" class="document">
				424
				425	<div class="section" id="security-class">
				426	<h1>Security Class<a class="headerlink" href="#security-class" title="Permalink to this headline">¶</a></h1>
				427	<p>The Security Class contains methods that help you create a secure
				428	application, processing input data for security.</p>
				429	<div class="contents local topic" id="contents">
				430	<ul class="simple">
				431	<li><a class="reference internal" href="#xss-filtering" id="id1">XSS Filtering</a></li>
				432	<li><a class="reference internal" href="#cross-site-request-forgery-csrf" id="id2">Cross-site request forgery (CSRF)</a></li>
				433	<li><a class="reference internal" href="#class-reference" id="id3">Class Reference</a></li>
				434	</ul>
				435	</div>
				436	<div class="custom-index container"></div><div class="section" id="xss-filtering">
				437	<h2><a class="toc-backref" href="#id1">XSS Filtering</a><a class="headerlink" href="#xss-filtering" title="Permalink to this headline">¶</a></h2>
				438	<p>CodeIgniter comes with a Cross Site Scripting prevention filter, which
				439	looks for commonly used techniques to trigger JavaScript or other types
				440	of code that attempt to hijack cookies or do other malicious things.
				441	If anything disallowed is encountered it is rendered safe by converting
				442	the data to character entities.</p>
				443	<p>To filter data through the XSS filter use the <code class="docutils literal"><span class="pre">xss_clean()</span></code> method:</p>
				444	<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$data</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-></span><span class="na">security</span><span class="o">-></span><span class="na">xss_clean</span><span class="p">(</span><span class="nv">$data</span><span class="p">);</span>
				445	</pre></div>
				446	</div>
				447	<p>An optional second parameter, <em>is_image</em>, allows this function to be used
				448	to test images for potential XSS attacks, useful for file upload
				449	security. When this second parameter is set to TRUE, instead of
				450	returning an altered string, the function returns TRUE if the image is
				451	safe, and FALSE if it contained potentially malicious information that a
				452	browser may attempt to execute.</p>
				453	<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="k">if</span> <span class="p">(</span><span class="nv">$this</span><span class="o">-></span><span class="na">security</span><span class="o">-></span><span class="na">xss_clean</span><span class="p">(</span><span class="nv">$file</span><span class="p">,</span> <span class="k">TRUE</span><span class="p">)</span> <span class="o">===</span> <span class="k">FALSE</span><span class="p">)</span>
				454	<span class="p">{</span>
				455	<span class="c1">// file failed the XSS test</span>
				456	<span class="p">}</span>
				457	</pre></div>
				458	</div>
				459	<div class="admonition important">
				460	<p class="first admonition-title">Important</p>
				461	<p class="last">If you want to filter HTML attribute values, use
				462	<a class="reference internal" href="../general/common_functions.html#html_escape" title="html_escape"><code class="xref php php-func docutils literal"><span class="pre">html_escape()</span></code></a> instead!</p>
				463	</div>
				464	</div>
				465	<div class="section" id="cross-site-request-forgery-csrf">
				466	<h2><a class="toc-backref" href="#id2">Cross-site request forgery (CSRF)</a><a class="headerlink" href="#cross-site-request-forgery-csrf" title="Permalink to this headline">¶</a></h2>
				467	<p>You can enable CSRF protection by altering your <strong>application/config/config.php</strong>
				468	file in the following way:</p>
				469	<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$config</span><span class="p">[</span><span class="s1">'csrf_protection'</span><span class="p">]</span> <span class="o">=</span> <span class="k">TRUE</span><span class="p">;</span>
				470	</pre></div>
				471	</div>
				472	<p>If you use the <a class="reference internal" href="../helpers/form_helper.html"><span class="doc">form helper</span></a>, then
				473	<code class="xref py py-func docutils literal"><span class="pre">form_open()</span></code> will automatically insert a hidden csrf field in
				474	your forms. If not, then you can use <code class="docutils literal"><span class="pre">get_csrf_token_name()</span></code>
				475	and <code class="docutils literal"><span class="pre">get_csrf_hash()</span></code></p>
				476	<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$csrf</span> <span class="o">=</span> <span class="k">array</span><span class="p">(</span>
				477	<span class="s1">'name'</span> <span class="o">=></span> <span class="nv">$this</span><span class="o">-></span><span class="na">security</span><span class="o">-></span><span class="na">get_csrf_token_name</span><span class="p">(),</span>
				478	<span class="s1">'hash'</span> <span class="o">=></span> <span class="nv">$this</span><span class="o">-></span><span class="na">security</span><span class="o">-></span><span class="na">get_csrf_hash</span><span class="p">()</span>
				479	<span class="p">);</span>
				480
				481	<span class="o">...</span>
				482
				483	<span class="o"><</span><span class="nx">input</span> <span class="nx">type</span><span class="o">=</span><span class="s2">"hidden"</span> <span class="nx">name</span><span class="o">=</span><span class="s2">"<?=</span><span class="si">$csrf['name']</span><span class="s2">;?>"</span> <span class="nx">value</span><span class="o">=</span><span class="s2">"<?=</span><span class="si">$csrf['hash']</span><span class="s2">;?>"</span> <span class="o">/></span>
				484	</pre></div>
				485	</div>
				486	<p>Tokens may be either regenerated on every submission (default) or
				487	kept the same throughout the life of the CSRF cookie. The default
				488	regeneration of tokens provides stricter security, but may result
				489	in usability concerns as other tokens become invalid (back/forward
				490	navigation, multiple tabs/windows, asynchronous actions, etc). You
				491	may alter this behavior by editing the following config parameter</p>
				492	<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$config</span><span class="p">[</span><span class="s1">'csrf_regenerate'</span><span class="p">]</span> <span class="o">=</span> <span class="k">TRUE</span><span class="p">;</span>
				493	</pre></div>
				494	</div>
				495	<p>Select URIs can be whitelisted from csrf protection (for example API
				496	endpoints expecting externally POSTed content). You can add these URIs
				497	by editing the ‘csrf_exclude_uris’ config parameter:</p>
				498	<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$config</span><span class="p">[</span><span class="s1">'csrf_exclude_uris'</span><span class="p">]</span> <span class="o">=</span> <span class="k">array</span><span class="p">(</span><span class="s1">'api/person/add'</span><span class="p">);</span>
				499	</pre></div>
				500	</div>
				501	<p>Regular expressions are also supported (case-insensitive):</p>
				502	<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$config</span><span class="p">[</span><span class="s1">'csrf_exclude_uris'</span><span class="p">]</span> <span class="o">=</span> <span class="k">array</span><span class="p">(</span>
				503	<span class="s1">'api/record/[0-9]+'</span><span class="p">,</span>
				504	<span class="s1">'api/title/[a-z]+'</span>
				505	<span class="p">);</span>
				506	</pre></div>
				507	</div>
				508	</div>
				509	<div class="section" id="class-reference">
				510	<h2><a class="toc-backref" href="#id3">Class Reference</a><a class="headerlink" href="#class-reference" title="Permalink to this headline">¶</a></h2>
				511	<dl class="class">
				512	<dt id="CI_Security">
				513	<em class="property">class </em><code class="descname">CI_Security</code><a class="headerlink" href="#CI_Security" title="Permalink to this definition">¶</a></dt>
				514	<dd><dl class="method">
				515	<dt id="CI_Security::xss_clean">
				516	<code class="descname">xss_clean</code><span class="sig-paren">(</span><em>$str</em><span class="optional">[</span>, <em>$is_image = FALSE</em><span class="optional">]</span><span class="sig-paren">)</span><a class="headerlink" href="#CI_Security::xss_clean" title="Permalink to this definition">¶</a></dt>
				517	<dd><table class="docutils field-list" frame="void" rules="none">
				518	<col class="field-name" />
				519	<col class="field-body" />
				520	<tbody valign="top">
				521	<tr class="field-odd field"><th class="field-name">Parameters:</th><td class="field-body"><ul class="first simple">
				522	<li><strong>$str</strong> (<em>mixed</em>) – Input string or an array of strings</li>
				523	</ul>
				524	</td>
				525	</tr>
				526	<tr class="field-even field"><th class="field-name">Returns:</th><td class="field-body"><p class="first">XSS-clean data</p>
				527	</td>
				528	</tr>
				529	<tr class="field-odd field"><th class="field-name">Return type:</th><td class="field-body"><p class="first last">mixed</p>
				530	</td>
				531	</tr>
				532	</tbody>
				533	</table>
				534	<p>Tries to remove XSS exploits from the input data and returns the cleaned string.
				535	If the optional second parameter is set to true, it will return boolean TRUE if
				536	the image is safe to use and FALSE if malicious data was detected in it.</p>
				537	<div class="admonition important">
				538	<p class="first admonition-title">Important</p>
				539	<p class="last">This method is not suitable for filtering HTML attribute values!
				540	Use <a class="reference internal" href="../general/common_functions.html#html_escape" title="html_escape"><code class="xref php php-func docutils literal"><span class="pre">html_escape()</span></code></a> for that instead.</p>
				541	</div>
				542	</dd></dl>
				543
				544	<dl class="method">
				545	<dt id="CI_Security::sanitize_filename">
				546	<code class="descname">sanitize_filename</code><span class="sig-paren">(</span><em>$str</em><span class="optional">[</span>, <em>$relative_path = FALSE</em><span class="optional">]</span><span class="sig-paren">)</span><a class="headerlink" href="#CI_Security::sanitize_filename" title="Permalink to this definition">¶</a></dt>
				547	<dd><table class="docutils field-list" frame="void" rules="none">
				548	<col class="field-name" />
				549	<col class="field-body" />
				550	<tbody valign="top">
				551	<tr class="field-odd field"><th class="field-name">Parameters:</th><td class="field-body"><ul class="first simple">
				552	<li><strong>$str</strong> (<em>string</em>) – File name/path</li>
				553	<li><strong>$relative_path</strong> (<em>bool</em>) – Whether to preserve any directories in the file path</li>
				554	</ul>
				555	</td>
				556	</tr>
				557	<tr class="field-even field"><th class="field-name">Returns:</th><td class="field-body"><p class="first">Sanitized file name/path</p>
				558	</td>
				559	</tr>
				560	<tr class="field-odd field"><th class="field-name">Return type:</th><td class="field-body"><p class="first last">string</p>
				561	</td>
				562	</tr>
				563	</tbody>
				564	</table>
				565	<p>Tries to sanitize filenames in order to prevent directory traversal attempts
				566	and other security threats, which is particularly useful for files that were supplied via user input.</p>
				567	<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$filename</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-></span><span class="na">security</span><span class="o">-></span><span class="na">sanitize_filename</span><span class="p">(</span><span class="nv">$this</span><span class="o">-></span><span class="na">input</span><span class="o">-></span><span class="na">post</span><span class="p">(</span><span class="s1">'filename'</span><span class="p">));</span>
				568	</pre></div>
				569	</div>
				570	<p>If it is acceptable for the user input to include relative paths, e.g.
				571	<em>file/in/some/approved/folder.txt</em>, you can set the second optional parameter, <code class="docutils literal"><span class="pre">$relative_path</span></code> to TRUE.</p>
				572	<div class="highlight-ci"><div class="highlight"><pre><span></span><span class="nv">$filename</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-></span><span class="na">security</span><span class="o">-></span><span class="na">sanitize_filename</span><span class="p">(</span><span class="nv">$this</span><span class="o">-></span><span class="na">input</span><span class="o">-></span><span class="na">post</span><span class="p">(</span><span class="s1">'filename'</span><span class="p">),</span> <span class="k">TRUE</span><span class="p">);</span>
				573	</pre></div>
				574	</div>
				575	</dd></dl>
				576
				577	<dl class="method">
				578	<dt id="CI_Security::get_csrf_token_name">
				579	<code class="descname">get_csrf_token_name</code><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#CI_Security::get_csrf_token_name" title="Permalink to this definition">¶</a></dt>
				580	<dd><table class="docutils field-list" frame="void" rules="none">
				581	<col class="field-name" />
				582	<col class="field-body" />
				583	<tbody valign="top">
				584	<tr class="field-odd field"><th class="field-name">Returns:</th><td class="field-body">CSRF token name</td>
				585	</tr>
				586	<tr class="field-even field"><th class="field-name">Return type:</th><td class="field-body">string</td>
				587	</tr>
				588	</tbody>
				589	</table>
				590	<p>Returns the CSRF token name (the <code class="docutils literal"><span class="pre">$config['csrf_token_name']</span></code> value).</p>
				591	</dd></dl>
				592
				593	<dl class="method">
				594	<dt id="CI_Security::get_csrf_hash">
				595	<code class="descname">get_csrf_hash</code><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#CI_Security::get_csrf_hash" title="Permalink to this definition">¶</a></dt>
				596	<dd><table class="docutils field-list" frame="void" rules="none">
				597	<col class="field-name" />
				598	<col class="field-body" />
				599	<tbody valign="top">
				600	<tr class="field-odd field"><th class="field-name">Returns:</th><td class="field-body">CSRF hash</td>
				601	</tr>
				602	<tr class="field-even field"><th class="field-name">Return type:</th><td class="field-body">string</td>
				603	</tr>
				604	</tbody>
				605	</table>
				606	<p>Returns the CSRF hash value. Useful in combination with <code class="docutils literal"><span class="pre">get_csrf_token_name()</span></code>
				607	for manually building forms or sending valid AJAX POST requests.</p>
				608	</dd></dl>
				609
				610	<dl class="method">
				611	<dt id="CI_Security::entity_decode">
				612	<code class="descname">entity_decode</code><span class="sig-paren">(</span><em>$str</em><span class="optional">[</span>, <em>$charset = NULL</em><span class="optional">]</span><span class="sig-paren">)</span><a class="headerlink" href="#CI_Security::entity_decode" title="Permalink to this definition">¶</a></dt>
				613	<dd><table class="docutils field-list" frame="void" rules="none">
				614	<col class="field-name" />
				615	<col class="field-body" />
				616	<tbody valign="top">
				617	<tr class="field-odd field"><th class="field-name">Parameters:</th><td class="field-body"><ul class="first simple">
				618	<li><strong>$str</strong> (<em>string</em>) – Input string</li>
				619	<li><strong>$charset</strong> (<em>string</em>) – Character set of the input string</li>
				620	</ul>
				621	</td>
				622	</tr>
				623	<tr class="field-even field"><th class="field-name">Returns:</th><td class="field-body"><p class="first">Entity-decoded string</p>
				624	</td>
				625	</tr>
				626	<tr class="field-odd field"><th class="field-name">Return type:</th><td class="field-body"><p class="first last">string</p>
				627	</td>
				628	</tr>
				629	</tbody>
				630	</table>
				631	<p>This method acts a lot like PHP’s own native <code class="docutils literal"><span class="pre">html_entity_decode()</span></code> function in ENT_COMPAT mode, only
				632	it tries to detect HTML entities that don’t end in a semicolon because some browsers allow that.</p>
				633	<p>If the <code class="docutils literal"><span class="pre">$charset</span></code> parameter is left empty, then your configured <code class="docutils literal"><span class="pre">$config['charset']</span></code> value will be used.</p>
				634	</dd></dl>
				635
				636	<dl class="method">
				637	<dt id="CI_Security::get_random_bytes">
				638	<code class="descname">get_random_bytes</code><span class="sig-paren">(</span><em>$length</em><span class="sig-paren">)</span><a class="headerlink" href="#CI_Security::get_random_bytes" title="Permalink to this definition">¶</a></dt>
				639	<dd><table class="docutils field-list" frame="void" rules="none">
				640	<col class="field-name" />
				641	<col class="field-body" />
				642	<tbody valign="top">
				643	<tr class="field-odd field"><th class="field-name">Parameters:</th><td class="field-body"><ul class="first simple">
				644	<li><strong>$length</strong> (<em>int</em>) – Output length</li>
				645	</ul>
				646	</td>
				647	</tr>
				648	<tr class="field-even field"><th class="field-name">Returns:</th><td class="field-body"><p class="first">A binary stream of random bytes or FALSE on failure</p>
				649	</td>
				650	</tr>
				651	<tr class="field-odd field"><th class="field-name">Return type:</th><td class="field-body"><p class="first last">string</p>
				652	</td>
				653	</tr>
				654	</tbody>
				655	</table>
				656	<p>A convenience method for getting proper random bytes via <code class="docutils literal"><span class="pre">mcrypt_create_iv()</span></code>,
				657	<code class="docutils literal"><span class="pre">/dev/urandom</span></code> or <code class="docutils literal"><span class="pre">openssl_random_pseudo_bytes()</span></code> (in that order), if one
				658	of them is available.</p>
				659	<p>Used for generating CSRF and XSS tokens.</p>
				660	<div class="admonition note">
				661	<p class="first admonition-title">Note</p>
				662	<p class="last">The output is NOT guaranteed to be cryptographically secure,
				663	just the best attempt at that.</p>
				664	</div>
				665	</dd></dl>
				666
				667	</dd></dl>
				668
				669	</div>
				670	</div>
				671
				672
				673	</div>
				674	<footer>
				675
				676	<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
				677
				678	<a href="sessions.html" class="btn btn-neutral float-right" title="Session Library">Next <span class="fa fa-arrow-circle-right"></span></a>
				679
				680
				681	<a href="parser.html" class="btn btn-neutral" title="Template Parser Class"><span class="fa fa-arrow-circle-left"></span> Previous</a>
				682
				683	</div>
				684
				685
				686	<hr/>
				687
				688	<div role="contentinfo">
				689	<p>
				690	© Copyright 2014 - 2019, British Columbia Institute of Technology.
				691	Last updated on Jan 16, 2019.
				692	</p>
				693	</div>
				694
				695	Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
				696
				697	</footer>
				698	</div>
				699	</div>
				700
				701	</section>
				702
				703	</div>
				704
				705
				706
				707
				708
				709	<script type="text/javascript">
				710	var DOCUMENTATION_OPTIONS = {
				711	URL_ROOT:'../',
				712	VERSION:'3.1.10',
				713	COLLAPSE_INDEX:false,
				714	FILE_SUFFIX:'.html',
				715	HAS_SOURCE: false
				716	};
				717	</script>
				718	<script type="text/javascript" src="../_static/jquery.js"></script>
				719	<script type="text/javascript" src="../_static/underscore.js"></script>
				720	<script type="text/javascript" src="../_static/doctools.js"></script>
				721
				722
				723
				724
				725
				726	<script type="text/javascript" src="../_static/js/theme.js"></script>
				727
				728
				729
				730
				731	<script type="text/javascript">
				732	jQuery(function () {
				733	SphinxRtdTheme.StickyNav.enable();
				734	});
				735	</script>
				736
				737
				738	</body>
				739	</html>