Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 1 | ############### |
| 2 | Security Helper |
| 3 | ############### |
| 4 | |
| 5 | The Security Helper file contains security-related functions. |
| 6 | |
| 7 | .. contents:: Page Contents |
| 8 | |
| 9 | Loading this Helper |
| 10 | =================== |
| 11 | |
Andrey Andreev | 53b8ef5 | 2012-11-08 21:38:53 +0200 | [diff] [blame] | 12 | This helper is loaded using the following code:: |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 13 | |
| 14 | $this->load->helper('security'); |
| 15 | |
| 16 | The following functions are available: |
| 17 | |
| 18 | xss_clean() |
| 19 | =========== |
| 20 | |
Andrey Andreev | 53b8ef5 | 2012-11-08 21:38:53 +0200 | [diff] [blame] | 21 | .. php:function:: xss_clean($str, $is_image = FALSE) |
| 22 | |
| 23 | :param string $str: Input data |
| 24 | :param bool $is_image: Whether we're dealing with an image |
| 25 | :returns: string |
| 26 | |
| 27 | Provides Cross-Site Scripting (XSS) filtering. |
| 28 | |
| 29 | This function is an alias for ``CI_Input::xss_clean()``. For more info, |
| 30 | please see the :doc:`Input Library <../libraries/input>` documentation. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 31 | |
| 32 | sanitize_filename() |
| 33 | =================== |
| 34 | |
Andrey Andreev | 53b8ef5 | 2012-11-08 21:38:53 +0200 | [diff] [blame] | 35 | .. php:function:: sanitize_filename($filename) |
| 36 | |
| 37 | :param string $filename: Filename |
| 38 | :returns: string |
| 39 | |
| 40 | Provides protection against directory traversal. |
| 41 | |
| 42 | This function is an alias for ``CI_Security::sanitize_filename()``. |
| 43 | For more info, please see the :doc:`Security Library <../libraries/security>` |
| 44 | documentation. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 45 | |
| 46 | do_hash() |
| 47 | ========= |
| 48 | |
Andrey Andreev | 53b8ef5 | 2012-11-08 21:38:53 +0200 | [diff] [blame] | 49 | .. php:function:: do_hash($str, $type = 'sha1') |
| 50 | |
| 51 | :param string $str: Input |
| 52 | :param string $type: Algorithm |
| 53 | :returns: string |
| 54 | |
freewil | 8840c96 | 2012-03-18 15:23:09 -0400 | [diff] [blame] | 55 | Permits you to create one-way hashes suitable for storing |
Andrey Andreev | 53b8ef5 | 2012-11-08 21:38:53 +0200 | [diff] [blame] | 56 | passwords. Will use SHA1 by default. |
| 57 | |
| 58 | See `hash_algos() <http://php.net/function.hash_algos>`_ |
freewil | 8840c96 | 2012-03-18 15:23:09 -0400 | [diff] [blame] | 59 | for a full list of supported algorithms. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 60 | |
Andrey Andreev | 53b8ef5 | 2012-11-08 21:38:53 +0200 | [diff] [blame] | 61 | Examples:: |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 62 | |
| 63 | $str = do_hash($str); // SHA1 |
| 64 | $str = do_hash($str, 'md5'); // MD5 |
| 65 | |
Andrey Andreev | 0f0b769 | 2012-06-07 14:57:04 +0300 | [diff] [blame] | 66 | .. note:: This function was formerly named ``dohash()``, which has been |
| 67 | removed in favor of ``do_hash()``. |
| 68 | |
| 69 | .. note:: This function is DEPRECATED. Use the native ``hash()`` instead. |
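The deprecation note points to the native ``hash()``. As an added example (not CodeIgniter code; the function names are hypothetical and PHP 5.6 or later is assumed), the block below shows the equivalent native calls with a strict algorithm check and a constant-time comparison, and, for password storage specifically, PHP's ``password_hash()``, which adds a per-password salt and a work factor that a single ``hash()`` pass does not:

```php
<?php
// Added example, not CodeIgniter code; all function names are hypothetical.

// Native stand-in for a do_hash()-style call. Unknown algorithm names are
// rejected rather than silently replaced.
function digest($str, $type = 'sha1')
{
    $type = strtolower($type);
    if (!in_array($type, hash_algos(), true)) {
        throw new InvalidArgumentException("Unsupported hash algorithm: {$type}");
    }
    return hash($type, $str); // lowercase hex digest
}

// Compare a stored hex digest with a fresh one in constant time.
function digest_matches($expected_hex, $str, $type = 'sha1')
{
    return hash_equals($expected_hex, digest($str, $type));
}

// Password storage: PHP generates the salt and applies the work factor.
function store_password($password)
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_password($password, $stored)
{
    return password_verify($password, $stored);
}

$sample = 'correct horse battery staple'; // constructed sample input

// The native calls reproduce the two examples from the page.
var_dump(digest($sample) === sha1($sample));
var_dump(digest($sample, 'md5') === md5($sample));
var_dump(digest_matches(digest($sample, 'sha256'), $sample, 'sha256'));

// An unsalted digest is deterministic; password_hash() salts every call, so
// two hashes of one password differ while both still verify.
$a = store_password($sample);
$b = store_password($sample);
var_dump($a !== $b);
var_dump(check_password($sample, $a) && check_password($sample, $b));
var_dump(check_password('wrong guess', $a));
```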
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 70 | |
| 71 | strip_image_tags() |
| 72 | ================== |
| 73 | |
Andrey Andreev | 53b8ef5 | 2012-11-08 21:38:53 +0200 | [diff] [blame] | 74 | .. php:function:: strip_image_tags($str) |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 75 | |
Andrey Andreev | 53b8ef5 | 2012-11-08 21:38:53 +0200 | [diff] [blame] | 76 | :param string $str: Input |
| 77 | :returns: string |
| 78 | |
| 79 | This is a security function that will strip image tags from a string. |
| 80 | It leaves the image URL as plain text. |
| 81 | |
| 82 | Example:: |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 83 | |
| 84 | $string = strip_image_tags($string); |
| 85 | |
Andrey Andreev | 53b8ef5 | 2012-11-08 21:38:53 +0200 | [diff] [blame] | 86 | This function is an alias for ``CI_Security::strip_image_tags()``. For |
| 87 | more info, please see the :doc:`Security Library <../libraries/security>` |
| 88 | documentation. |
| 89 | |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 90 | encode_php_tags() |
| 91 | ================= |
| 92 | |
Andrey Andreev | 53b8ef5 | 2012-11-08 21:38:53 +0200 | [diff] [blame] | 93 | .. php:function:: encode_php_tags($str) |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 94 | |
Andrey Andreev | 53b8ef5 | 2012-11-08 21:38:53 +0200 | [diff] [blame] | 95 | :param string $str: Input |
| 96 | :returns: string |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 97 | |
Andrey Andreev | 53b8ef5 | 2012-11-08 21:38:53 +0200 | [diff] [blame] | 98 | This is a security function that converts PHP tags to entities. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 99 | |
Andrey Andreev | 53b8ef5 | 2012-11-08 21:38:53 +0200 | [diff] [blame] | 100 | .. note:: :php:func:`xss_clean()` does this automatically, if you use it. |
| 101 | |
| 102 | Example:: |
| 103 | |
| 104 | $string = encode_php_tags($string); |