<?php
// Direct-access guard: stop immediately when BASEPATH is not defined, i.e. when
// this helper file is requested on its own instead of being loaded by code that
// has already defined BASEPATH (presumably the framework bootstrap; confirm).
defined('BASEPATH') OR exit('No direct script access allowed');
/**
 * CodeIgniter
 *
 * An open source application development framework for PHP 4.3.2 or newer
 *
 * @package CodeIgniter
 * @author ExpressionEngine Dev Team
 * @copyright Copyright (c) 2006, EllisLab, Inc.
 * @license http://codeigniter.com/user_guide/license.html
 * @link http://codeigniter.com
 * @since Version 1.0
 * @filesource
 */

// ------------------------------------------------------------------------

/**
 * CodeIgniter Security Helpers
 *
 * @package CodeIgniter
 * @subpackage Helpers
 * @category Helpers
 * @author ExpressionEngine Dev Team
 * @link http://codeigniter.com/user_guide/helpers/security_helper.html
 */

// ------------------------------------------------------------------------

/**
 * XSS Filtering
 *
 * @access public
 * @param string
 * @param string the character set of your data
 * @return string
 */
if ( ! function_exists('xss_clean'))
{
	function xss_clean($str, $charset = 'ISO-8859-1')
	{
		// Thin wrapper: the filtering itself is done by the Input class on the
		// framework super-object; this helper only forwards both arguments.
		// NOTE(review): $charset defaults to ISO-8859-1, so callers handling
		// UTF-8 data presumably need to pass the charset explicitly; confirm
		// against Input::xss_clean().
		// NOTE(review): a filter of this kind does not replace escaping the
		// value for the context it is finally written into (HTML body,
		// attribute, URL, script).
		$framework =& get_instance();

		return $framework->input->xss_clean($str, $charset);
	}
}

// --------------------------------------------------------------------

/**
 * Hash encode a string
 *
 * @access public
 * @param string
 * @param string the hash type: 'sha1' (default); any other value yields MD5
 * @return string
 */
if ( ! function_exists('dohash'))
{
	function dohash($str, $type = 'sha1')
	{
		// SECURITY NOTE: both digests offered here (SHA-1 and MD5) are fast,
		// unsalted and have known collision weaknesses. They are not suitable
		// for password storage or for anything that relies on collision
		// resistance; treat the result as a checksum only.

		// Any $type that does not loosely equal 'sha1' selects MD5. There is
		// no error for an unknown algorithm name, so a typo in $type silently
		// downgrades the digest to MD5.
		if ($type != 'sha1')
		{
			return md5($str);
		}

		// Preferred path: the native sha1() function.
		if (function_exists('sha1'))
		{
			return sha1($str);
		}

		// First fallback: the mhash extension, hex-encoded to match sha1().
		if (function_exists('mhash'))
		{
			return bin2hex(mhash(MHASH_SHA1, $str));
		}

		// Last resort: the framework's bundled SHA-1 library class.
		require_once(BASEPATH.'libraries/Sha1'.EXT);
		$sha = new CI_SHA;

		return $sha->generate($str);
	}
}

// ------------------------------------------------------------------------

/**
 * Strip Image Tags
 *
 * @access public
 * @param string
 * @return string
 */
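if ( ! function_exists('strip_image_tags'))
{
	function strip_image_tags($str)
	{
		// Replaces each <img ...> tag with the bare value of its src attribute.
		//
		// Changes from the previous patterns:
		//  - the "i" modifier is added so <IMG SRC=...> is handled like <img src=...>;
		//  - the unquoted-src pattern now captures the whole attribute value.
		//    It used a lazy (.+?) followed by a lazy .*?, so the capture was
		//    always a single character.
		//
		// NOTE(review): this is a formatting helper, not an HTML sanitiser.
		// The extracted src text is returned unescaped, other tags are left
		// untouched, and "." does not match newlines, so a tag split across
		// lines is not rewritten. Escape the result for its output context.

		// Pass 1: src value wrapped in single or double quotes.
		$str = preg_replace('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?>#i', '\\1', $str);

		// Pass 2: unquoted src value, ending at whitespace, a quote or an angle bracket.
		$str = preg_replace('#<img\s+.*?src\s*=\s*([^\s"\'<>]+).*?>#i', '\\1', $str);

		return $str;
	}
}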

// ------------------------------------------------------------------------

/**
 * Convert PHP tags to entities
 *
 * @access public
 * @param string
 * @return string
 */
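if ( ! function_exists('encode_php_tags'))
{
	function encode_php_tags($str)
	{
		// Rewrites PHP open/close tags so that the angle bracket becomes an
		// HTML entity. The replacement list must hold the entity-encoded
		// forms; a replacement list identical to the search list would make
		// the call a no-op.
		//
		// str_replace() applies the pairs in order, so the long forms
		// ('<?php', '<?PHP') are handled before the generic '<?'.
		//
		// NOTE(review): only the tag strings listed here are covered, and only
		// these exact strings. This makes the text safe to display as HTML
		// source; it is not a control that makes the string safe to evaluate
		// or include as code.
		$tags     = array('<?php', '<?PHP', '<?', '?>');
		$entities = array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;');

		return str_replace($tags, $entities, $str);
	}
}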


/* End of file security_helper.php */
/* Location: ./system/helpers/security_helper.php */