Security Helper¶
The Security Helper file contains security related functions.
Page Contents
Loading this Helper¶
This helper is loaded using the following code:
$this->load->helper('security');
The following functions are available:
xss_clean()¶
- xss_clean($str, $is_image = FALSE)¶
Parameters: - $str (string) – Input data
- $is_image (bool) – Whether we’re dealing with an image
Returns: string
Provides Cross Site Script Hack filtering.
This function is an alias for CI_Input::xss_clean(). For more info, please see the Input Library documentation.
sanitize_filename()¶
- sanitize_filename($filename)¶
Parameters: - $filename (string) – Filename
Returns: string
Provides protection against directory traversal.
This function is an alias for CI_Security::sanitize_filename(). For more info, please see the Security Library documentation.
do_hash()¶
- do_hash($str, $type = 'sha1')¶
Parameters: - $str (string) – Input
- $type (string) – Algorithm
Returns: string
Permits you to create one way hashes suitable for encrypting passwords. Will use SHA1 by default.
See hash_algos() for a full list of supported algorithms.
Examples:
$str = do_hash($str); // SHA1
$str = do_hash($str, 'md5'); // MD5
Note
This function was formerly named dohash(), which has been removed in favor of do_hash().
Note
This function is DEPRECATED. Use the native hash() instead.
strip_image_tags()¶
Parameters: - $str (string) – Input
Returns: string
This is a security function that will strip image tags from a string. It leaves the image URL as plain text.
Example:
$string = strip_image_tags($string);
This function is an alias for CI_Security::strip_image_tags(). For more info, please see the Security Library documentation.
encode_php_tags()¶
Parameters: - $str (string) – Input
Returns: string
This is a security function that converts PHP tags to entities.
Example:
$string = encode_php_tags($string);