CI_Security::sanitize_filename()

sanitize_filename($str[, $relative_path = FALSE])

Parameters:	$str (string) – File name/path $relative_path (bool) – Whether to preserve any directories in the file path
Returns:	Sanitized file name/path
Return type:	string

Tries to sanitize filenames in order to prevent directory traversal attempts and other security threats, which is particularly useful for files that were supplied via user input.

$filename = $this->security->sanitize_filename($this->input->post('filename'));

If it is acceptable for the user input to include relative paths, e.g. file/in/some/approved/folder.txt, you can set the second optional parameter, $relative_path to TRUE.

$filename = $this->security->sanitize_filename($this->input->post('filename'), TRUE);

Links:

http://www.codeigniter.com/user_guide/libraries/security.html#CI_Security::sanitize_filename

doc_CodeIgniter

2016-10-15 16:31:51

Comments