Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / a176f26c4a0e26443c073fe9ecc121df23e94502 / . / system / helpers / security_helper.php
blob: 06228468f1f22f7da69058f3ff1d697238022c6b [file] [log] [blame]
adminb0dd10f2006-08-25 17:25:49 +0000[diff] [blame]1<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
2/**
3 * Code Igniter
4 *
5 * An open source application development framework for PHP 4.3.2 or newer
6 *
7 * @package CodeIgniter
8 * @author Rick Ellis
9 * @copyright Copyright (c) 2006, pMachine, Inc.
admine334c472006-10-21 19:44:22 +0000[diff] [blame]10 * @license http://www.codeignitor.com/user_guide/license.html
adminb0dd10f2006-08-25 17:25:49 +0000[diff] [blame]11 * @link http://www.codeigniter.com
12 * @since Version 1.0
13 * @filesource
14 */
admine334c472006-10-21 19:44:22 +0000[diff] [blame]15
adminb0dd10f2006-08-25 17:25:49 +0000[diff] [blame]16// ------------------------------------------------------------------------
17
18/**
19 * Code Igniter Security Helpers
20 *
21 * @package CodeIgniter
22 * @subpackage Helpers
23 * @category Helpers
24 * @author Rick Ellis
25 * @link http://www.codeigniter.com/user_guide/helpers/security_helper.html
26 */
27
28// ------------------------------------------------------------------------
29
30/**
31 * XSS Filtering
32 *
33 * @access public
adminfafe28b2006-10-21 19:08:17 +0000[diff] [blame]34 * @param string
35 * @param string the character set of your data
adminb0dd10f2006-08-25 17:25:49 +0000[diff] [blame]36 * @return string
37 */
38function xss_clean($str, $charset = 'ISO-8859-1')
39{
admin75198f92006-10-07 03:16:53 +0000[diff] [blame]40 $CI =& get_instance();
41 return $CI->input->xss_clean($str, $charset);
adminb0dd10f2006-08-25 17:25:49 +0000[diff] [blame]42}
43
44// --------------------------------------------------------------------
45
46/**
47 * Hash encode a string
48 *
49 * @access public
50 * @param string
51 * @return string
52 */
admin73e582f2006-09-06 01:36:34 +0000[diff] [blame]53function dohash($str, $type = 'sha1')
adminb0dd10f2006-08-25 17:25:49 +0000[diff] [blame]54{
55 if ($type == 'sha1')
56 {
57 if ( ! function_exists('sha1'))
58 {
59 if ( ! function_exists('mhash'))
60 {
61 require_once(BASEPATH.'libraries/Sha1'.EXT);
62 $SH = new CI_SHA;
admine334c472006-10-21 19:44:22 +0000[diff] [blame]63 return $SH->generate($str);
adminb0dd10f2006-08-25 17:25:49 +0000[diff] [blame]64 }
65 else
66 {
67 return bin2hex(mhash(MHASH_SHA1, $str));
68 }
69 }
70 else
71 {
72 return sha1($str);
73 }
74 }
75 else
76 {
77 return md5($str);
78 }
79}
80
81// ------------------------------------------------------------------------
82
83/**
84 * Strip Image Tags
85 *
86 * @access public
adminfafe28b2006-10-21 19:08:17 +0000[diff] [blame]87 * @param string
adminb0dd10f2006-08-25 17:25:49 +0000[diff] [blame]88 * @return string
89 */
90function strip_image_tags($str)
admine334c472006-10-21 19:44:22 +0000[diff] [blame]91{
adminb0dd10f2006-08-25 17:25:49 +0000[diff] [blame]92 $str = preg_replace("#<img\s+.*?src\s*=\s*[\"'](.+?)[\"'].*?\>#", "\\1", $str);
93 $str = preg_replace("#<img\s+.*?src\s*=\s*(.+?).*?\>#", "\\1", $str);
94
95 return $str;
96}
97
98// ------------------------------------------------------------------------
99
100/**
101 * Convert PHP tags to entities
102 *
103 * @access public
adminfafe28b2006-10-21 19:08:17 +0000[diff] [blame]104 * @param string
adminb0dd10f2006-08-25 17:25:49 +0000[diff] [blame]105 * @return string
106 */
107function encode_php_tags($str)
108{
109 return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
110}
111
112?>