Security Helper¶
The Security Helper file contains security related functions.
Loading this Helper¶
This helper is loaded using the following code:
$this->load->helper('security');
Available Functions¶
The following functions are available:
-
xss_clean
($str[, $is_image = FALSE])¶ Parameter: - $str (string) – Input data
- $is_image (bool) – Whether we’re dealing with an image
Kembali: XSS-clean string
Return type: string
Provides Cross Site Script Hack filtering.
This function is an alias for
CI_Input::xss_clean()
. For more info, please see the Input Library documentation.
-
sanitize_filename
($filename)¶ Parameter: - $filename (string) – Filename
Kembali: Sanitized file name
Return type: string
Provides protection against directory traversal.
This function is an alias for
CI_Security::sanitize_filename()
. For more info, please see the Security Library documentation.
-
do_hash
($str[, $type = 'sha1'])¶ Parameter: - $str (string) – Input
- $type (string) – Algorithm
Kembali: Hex-formatted hash
Return type: string
Permits you to create one way hashes suitable for encrypting passwords. Will use SHA1 by default.
See hash_algos() for a full list of supported algorithms.
Examples:
$str = do_hash($str); // SHA1 $str = do_hash($str, 'md5'); // MD5
Catatan
This function was formerly named
dohash()
, which has been removed in favor ofdo_hash()
.Catatan
This function is DEPRECATED. Use the native
hash()
instead.
Parameter: - $str (string) – Input string
Kembali: The input string with no image tags
Return type: string
This is a security function that will strip image tags from a string. It leaves the image URL as plain text.
Example:
$string = strip_image_tags($string);
This function is an alias for
CI_Security::strip_image_tags()
. For more info, please see the Security Library documentation.
Parameter: - $str (string) – Input string
Kembali: Safely formatted string
Return type: string
This is a security function that converts PHP tags to entities.
Catatan
xss_clean()
does this automatically, if you use it.Example:
$string = encode_php_tags($string);