CI_Security::sanitize_filename()

sanitize_filename($str[, $relative_path = FALSE])

Parameters:
  • $str (string) – File name/path
  • $relative_path (bool) – Whether to preserve any directories in the file path
Returns:
  Sanitized file name/path
Return type:
  string

Tries to sanitize filenames in order to prevent directory traversal attempts and other security threats, which is particularly useful for files that were supplied via user input.

$filename = $this->security->sanitize_filename($this->input->post('filename'));

If it is acceptable for the user input to include relative paths, e.g. file/in/some/approved/folder.txt, you can set the second, optional parameter, $relative_path, to TRUE.

$filename = $this->security->sanitize_filename($this->input->post('filename'), TRUE);
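
Because the method only "tries" to sanitize, the result is best treated as one layer and followed by a containment check on the resolved path. The controller below is an added example, not code from the CodeIgniter documentation; the class name, method name and storage directory are assumptions.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical controller: class name, method name and storage path are
// assumptions made for this example.
class Attachments extends CI_Controller {

    public function download()
    {
        // Assumed storage location; realpath() gives the canonical form
        // that the later prefix comparison relies on.
        $base = realpath(APPPATH.'../storage/attachments');
        if ($base === FALSE)
        {
            show_error('Storage directory is missing.', 500);
        }

        // Reject missing or non-string input (e.g. filename[]=x).
        $raw = $this->input->post('filename');
        if ( ! is_string($raw))
        {
            show_404();
        }

        // Default $relative_path = FALSE: directories are not preserved.
        $name = $this->security->sanitize_filename($raw);

        // Sanitizing can leave nothing behind; an empty name would
        // otherwise resolve to the storage directory itself.
        if ($name === '')
        {
            show_404();
        }

        // Independent second check: resolve symlinks and dot segments,
        // then require a regular file located under $base.
        $path = realpath($base.DIRECTORY_SEPARATOR.$name);
        if ($path === FALSE
            OR strpos($path, $base.DIRECTORY_SEPARATOR) !== 0
            OR ! is_file($path))
        {
            show_404();
        }

        $this->load->helper('download');
        force_download($path, NULL); // NULL data: send the file at $path
    }
}
```

The same realpath() prefix check matters more when $relative_path is TRUE, since directory components in the input are then kept.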
doc_CodeIgniter
2016-10-15 16:31:51