Security Helper¶

The Security Helper file contains security related functions.

Loading this Helper ¶

This helper is loaded using the following code:

$this->load->helper('security');

The following functions are available:

xss_clean($str[, $is_image = FALSE])¶

Parameters:	$str (string) – Input data $is_image (bool) – Whether we’re dealing with an image
Returns:	XSS-clean string
Return type:	string

Provides Cross Site Script Hack filtering.

This function is an alias for CI_Input::xss_clean(). For more info, please see the Input Library documentation.

sanitize_filename($filename)¶

Provides protection against directory traversal.

This function is an alias for CI_Security::sanitize_filename(). For more info, please see the Security Library documentation.

do_hash($str[, $type = 'sha1'])¶

Parameters:	$str (string) – Input $type (string) – Algorithm
Returns:	Hex-formatted hash
Return type:	string

Permits you to create one way hashes suitable for encrypting passwords. Will use SHA1 by default.

See hash_algos() for a full list of supported algorithms.

Examples:

$str = do_hash($str); // SHA1
$str = do_hash($str, 'md5'); // MD5

Note

This function was formerly named dohash(), which has been removed in favor of do_hash().

Note

This function is DEPRECATED. Use the native hash() instead.

strip_image_tags($str)¶

Parameters:	$str (string) – Input string
Returns:	The input string with no image tags
Return type:	string

This is a security function that will strip image tags from a string. It leaves the image URL as plain text.

Example:

$string = strip_image_tags($string);

This function is an alias for CI_Security::strip_image_tags(). For more info, please see the Security Library documentation.

encode_php_tags($str)¶

This is a security function that converts PHP tags to entities.

Note

xss_clean() does this automatically, if you use it.

Example:

$string = encode_php_tags($string);