Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / dd6719738936be31cdaa1758ca86d5eb14dcab3d / . / system / helpers / security_helper.php
blob: 08dd48a85ee7c6a332a50808361fb8b3467fd373 [file] [log] [blame]
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]1<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
2/**
3 * CodeIgniter
4 *
5 * An open source application development framework for PHP 4.3.2 or newer
6 *
7 * @package CodeIgniter
8 * @author ExpressionEngine Dev Team
Derek Jones7f3719f2010-01-05 13:35:37 +0000[diff] [blame]9 * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc.
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]10 * @license http://codeigniter.com/user_guide/license.html
11 * @link http://codeigniter.com
12 * @since Version 1.0
13 * @filesource
14 */
15
16// ------------------------------------------------------------------------
17
18/**
19 * CodeIgniter Security Helpers
20 *
21 * @package CodeIgniter
22 * @subpackage Helpers
23 * @category Helpers
24 * @author ExpressionEngine Dev Team
25 * @link http://codeigniter.com/user_guide/helpers/security_helper.html
26 */
27
28// ------------------------------------------------------------------------
29
30/**
31 * XSS Filtering
32 *
33 * @access public
34 * @param string
Derek Jonesf0bcb3c2009-02-10 18:40:21 +0000[diff] [blame]35 * @param bool whether or not the content is an image file
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]36 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame^]37 */
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]38if ( ! function_exists('xss_clean'))
39{
Derek Jonesf0bcb3c2009-02-10 18:40:21 +0000[diff] [blame]40 function xss_clean($str, $is_image = FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]41 {
42 $CI =& get_instance();
Derek Jones11b1e512010-03-05 10:22:44 -0600[diff] [blame]43 return $CI->security->xss_clean($str, $is_image);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]44 }
45}
46
Derek Allard4433f422010-07-23 08:47:34 -0400[diff] [blame]47// ------------------------------------------------------------------------
48
49/**
50 * Sanitize Filename
51 *
52 * @access public
53 * @param string
54 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame^]55 */
Derek Allard4433f422010-07-23 08:47:34 -0400[diff] [blame]56if ( ! function_exists('sanitize_filename'))
57{
58 function sanitize_filename($filename)
59 {
60 $CI =& get_instance();
61 return $CI->security->sanitize_filename($filename);
62 }
63}
64
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]65// --------------------------------------------------------------------
66
67/**
68 * Hash encode a string
69 *
Derek Allard8719a5c2009-10-08 16:42:59 +0000[diff] [blame]70 * This is simply an alias for do_hash()
71 * dohash() is now deprecated
72 */
73if ( ! function_exists('dohash'))
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame^]74{
Derek Allard8719a5c2009-10-08 16:42:59 +0000[diff] [blame]75 function dohash($str, $type = 'sha1')
76 {
Derek Jones11b1e512010-03-05 10:22:44 -0600[diff] [blame]77 return do_hash($str, $type);
Derek Allard8719a5c2009-10-08 16:42:59 +0000[diff] [blame]78 }
79}
80
81// --------------------------------------------------------------------
82
83/**
84 * Hash encode a string
85 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]86 * @access public
87 * @param string
88 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame^]89 */
Derek Allard8719a5c2009-10-08 16:42:59 +0000[diff] [blame]90if ( ! function_exists('do_hash'))
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame^]91{
Derek Allard8719a5c2009-10-08 16:42:59 +0000[diff] [blame]92 function do_hash($str, $type = 'sha1')
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]93 {
94 if ($type == 'sha1')
95 {
96 if ( ! function_exists('sha1'))
97 {
98 if ( ! function_exists('mhash'))
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame^]99 {
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]100 require_once(BASEPATH.'libraries/Sha1'.EXT);
101 $SH = new CI_SHA;
102 return $SH->generate($str);
103 }
104 else
105 {
106 return bin2hex(mhash(MHASH_SHA1, $str));
107 }
108 }
109 else
110 {
111 return sha1($str);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame^]112 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]113 }
114 else
115 {
116 return md5($str);
117 }
118 }
119}
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame^]120
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]121// ------------------------------------------------------------------------
122
123/**
124 * Strip Image Tags
125 *
126 * @access public
127 * @param string
128 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame^]129 */
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]130if ( ! function_exists('strip_image_tags'))
131{
132 function strip_image_tags($str)
133 {
134 $str = preg_replace("#<img\s+.*?src\s*=\s*[\"'](.+?)[\"'].*?\>#", "\\1", $str);
135 $str = preg_replace("#<img\s+.*?src\s*=\s*(.+?).*?\>#", "\\1", $str);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame^]136
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]137 return $str;
138 }
139}
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame^]140
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]141// ------------------------------------------------------------------------
142
143/**
144 * Convert PHP tags to entities
145 *
146 * @access public
147 * @param string
148 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame^]149 */
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]150if ( ! function_exists('encode_php_tags'))
151{
152 function encode_php_tags($str)
153 {
154 return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
155 }
156}
157
158
159/* End of file security_helper.php */
Derek Jonesa3ffbbb2008-05-11 18:18:29 +0000[diff] [blame]160/* Location: ./system/helpers/security_helper.php */