CI_Security

class CI_Security

xss_clean($str[, $is_image = FALSE])
Parameters:
  • $str (mixed) – Input string or an array of strings
Returns:

XSS-clean data

Return type:

mixed

Tries to remove XSS exploits from the input data and returns the cleaned string. If the optional second parameter is set to true, it will return boolean TRUE if the image is safe to use and FALSE if malicious data was detected in it.

sanitize_filename($str[, $relative_path = FALSE])
Parameters:
  • $str (string) – File name/path
  • $relative_path (bool) – Whether to preserve any directories in the file path
Returns:

Sanitized file name/path

Return type:

string

Tries to sanitize filenames in order to prevent directory traversal attempts and other security threats, which is particularly useful for files that were supplied via user input.

$filename = $this->security->sanitize_filename($this->input->post('filename'));

If it is acceptable for the user input to include relative paths, e.g. file/in/some/approved/folder.txt, you can set the second optional parameter, $relative_path to TRUE.

$filename = $this->security->sanitize_filename($this->input->post('filename'), TRUE);
get_csrf_token_name()
Returns: CSRF token name
Return type: string

Returns the CSRF token name (the $config['csrf_token_name'] value).

get_csrf_hash()
Returns: CSRF hash
Return type: string

Returns the CSRF hash value. Useful in combination with get_csrf_token_name() for manually building forms or sending valid AJAX POST requests.

entity_decode($str[, $charset = NULL])
Parameters:
  • $str (string) – Input string
  • $charset (string) – Character set of the input string
Returns:

Entity-decoded string

Return type:

string

This method acts a lot like PHP’s own native html_entity_decode() function in ENT_COMPAT mode, only it tries to detect HTML entities that don’t end in a semicolon because some browsers allow that.

If the $charset parameter is left empty, then your configured $config['charset'] value will be used.

get_random_bytes($length)
Parameters:
  • $length (int) – Output length
Returns:

A binary stream of random bytes or FALSE on failure

Return type:

string

A convenience method for getting proper random bytes via mcrypt_create_iv(), /dev/urandom or openssl_random_pseudo_bytes() (in that order), if one of them is available.

Used for generating CSRF and XSS tokens.

Note

The output is NOT guaranteed to be cryptographically secure, just the best attempt at that.

doc_CodeIgniter
2016-10-15 16:31:50
Comments
Leave a Comment

Please login to continue.