Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 912ee4c5ca099162b5accc153f1bb6f2cb9b5fa1 / . / user_guide_src / source / helpers / security_helper.rst
blob: 7df85d017255d019c6fc20473473dc09d64e1c12 [file] [log] [blame]
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]1###############
2Security Helper
3###############
4
5The Security Helper file contains security related functions.
6
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]7.. contents::
8 :local:
9
10.. raw:: html
11
12 <div class="custom-index container"></div>
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]13
14Loading this Helper
15===================
16
Andrey Andreev53b8ef52012-11-08 21:38:53 +0200[diff] [blame]17This helper is loaded using the following code::
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]18
19 $this->load->helper('security');
20
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]21Available Functions
22===================
23
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]24The following functions are available:
25
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]26
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]27.. function:: xss_clean($str[, $is_image = FALSE])
Andrey Andreev53b8ef52012-11-08 21:38:53 +0200[diff] [blame]28
29 :param string $str: Input data
30 :param bool $is_image: Whether we're dealing with an image
31 :returns: string
32
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]33 Provides Cross Site Script Hack filtering.
Andrey Andreev53b8ef52012-11-08 21:38:53 +0200[diff] [blame]34
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]35 This function is an alias for ``CI_Input::xss_clean()``. For more info,
36 please see the :doc:`Input Library <../libraries/input>` documentation.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]37
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]38
Derek Jonesb8c283a2013-07-19 16:02:53 -0700[diff] [blame]39.. function:: sanitize_filename($filename)
Andrey Andreev53b8ef52012-11-08 21:38:53 +0200[diff] [blame]40
41 :param string $filename: Filename
42 :returns: string
43
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]44 Provides protection against directory traversal.
Andrey Andreev53b8ef52012-11-08 21:38:53 +0200[diff] [blame]45
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]46 This function is an alias for ``CI_Security::sanitize_filename()``.
47 For more info, please see the :doc:`Security Library <../libraries/security>`
48 documentation.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]49
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]50
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]51.. function:: do_hash($str[, $type = 'sha1'])
Andrey Andreev53b8ef52012-11-08 21:38:53 +0200[diff] [blame]52
53 :param string $str: Input
54 :param string $type: Algorithm
55 :returns: string
56
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]57 Permits you to create one way hashes suitable for encrypting
58 passwords. Will use SHA1 by default.
Andrey Andreev53b8ef52012-11-08 21:38:53 +0200[diff] [blame]59
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]60 See `hash_algos() <http://php.net/function.hash_algos>`_
61 for a full list of supported algorithms.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]62
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]63 Examples::
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]64
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]65 $str = do_hash($str); // SHA1
66 $str = do_hash($str, 'md5'); // MD5
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]67
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]68 .. note:: This function was formerly named ``dohash()``, which has been
69 removed in favor of ``do_hash()``.
Andrey Andreev0f0b7692012-06-07 14:57:04 +0300[diff] [blame]70
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]71 .. note:: This function is DEPRECATED. Use the native ``hash()`` instead.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]72
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]73
Derek Jonesb8c283a2013-07-19 16:02:53 -0700[diff] [blame]74.. function:: strip_image_tags($str)
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]75
Andrey Andreev53b8ef52012-11-08 21:38:53 +0200[diff] [blame]76 :param string $str: Input
77 :returns: string
78
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]79 This is a security function that will strip image tags from a string.
80 It leaves the image URL as plain text.
Andrey Andreev53b8ef52012-11-08 21:38:53 +0200[diff] [blame]81
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]82 Example::
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]83
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]84 $string = strip_image_tags($string);
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]85
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]86 This function is an alias for ``CI_Security::strip_image_tags()``. For
87 more info, please see the :doc:`Security Library <../libraries/security>`
88 documentation.
Andrey Andreev53b8ef52012-11-08 21:38:53 +0200[diff] [blame]89
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]90
Derek Jonesb8c283a2013-07-19 16:02:53 -0700[diff] [blame]91.. function:: encode_php_tags($str)
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]92
Andrey Andreev53b8ef52012-11-08 21:38:53 +0200[diff] [blame]93 :param string $str: Input
94 :returns: string
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]95
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]96 This is a security function that converts PHP tags to entities.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]97
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]98 .. note:: :func:`xss_clean()` does this automatically, if you use it.
Andrey Andreev53b8ef52012-11-08 21:38:53 +0200[diff] [blame]99
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]100 Example::
Andrey Andreev53b8ef52012-11-08 21:38:53 +0200[diff] [blame]101
Derek Jonesf9491c92013-07-19 16:46:18 -0700[diff] [blame]102 $string = encode_php_tags($string);