Security Helper
The Security Helper file contains security related functions.
Loading this Helper
This helper is loaded using the following code:
$this->load->helper('security');
Available Functions
The following functions are available:
-
xss_clean($str[, $is_image = FALSE])
-
Parameters: - $str (string) – Input data
- $is_image (bool) – Whether we’re dealing with an image
Returns: XSS-clean string
Return type: string
Provides Cross Site Script Hack filtering.
This function is an alias for
CI_Input::xss_clean()
. For more info, please see the Input Library documentation.
-
sanitize_filename($filename)
-
Parameters: - $filename (string) – Filename
Returns: Sanitized file name
Return type: string
Provides protection against directory traversal.
This function is an alias for
CI_Security::sanitize_filename()
. For more info, please see the Security Library documentation.
-
do_hash($str[, $type = 'sha1'])
-
Parameters: - $str (string) – Input
- $type (string) – Algorithm
Returns: Hex-formatted hash
Return type: string
Permits you to create one way hashes suitable for encrypting passwords. Will use SHA1 by default.
See hash_algos() for a full list of supported algorithms.
Examples:
$str = do_hash($str); // SHA1 $str = do_hash($str, 'md5'); // MD5
Note
This function was formerly named
dohash()
, which has been removed in favor ofdo_hash()
.Note
This function is DEPRECATED. Use the native
hash()
instead.
-
Parameters: - $str (string) – Input string
Returns: The input string with no image tags
Return type: string
This is a security function that will strip image tags from a string. It leaves the image URL as plain text.
Example:
$string = strip_image_tags($string);
This function is an alias for
CI_Security::strip_image_tags()
. For more info, please see the Security Library documentation.
-
Parameters: - $str (string) – Input string
Returns: Safely formatted string
Return type: string
This is a security function that converts PHP tags to entities.
Note
xss_clean()
does this automatically, if you use it.Example:
$string = encode_php_tags($string);
© 2014–2020 British Columbia Institute of Technology
Licensed under the MIT License.
https://codeigniter.com/userguide3/helpers/security_helper.html