Security 輔助函式

The Security Helper file contains security related functions.

Loading this Helper

This helper is loaded using the following code:

$this->load->helper('security');

Available Functions

The following functions are available:

xss_clean($str[, $is_image = FALSE])
Parameters:
  • $str (string) – Input data
  • $is_image (bool) – Whether we’re dealing with an image
Returns:

XSS-clean string

Return type:

string

Provides Cross Site Script Hack filtering.

This function is an alias for CI_Input::xss_clean(). For more info, please see the Input Library documentation.

sanitize_filename($filename)
Parameters:
  • $filename (string) – Filename
Returns:

Sanitized file name

Return type:

string

Provides protection against directory traversal.

This function is an alias for CI_Security::sanitize_filename(). For more info, please see the Security Library documentation.

do_hash($str[, $type = 'sha1'])
Parameters:
  • $str (string) – Input
  • $type (string) – Algorithm
Returns:

Hex-formatted hash

Return type:

string

Permits you to create one way hashes suitable for encrypting passwords. Will use SHA1 by default.

See hash_algos() for a full list of supported algorithms.

Examples:

$str = do_hash($str); // SHA1
$str = do_hash($str, 'md5'); // MD5

Note

This function was formerly named dohash(), which has been removed in favor of do_hash().

Note

This function is DEPRECATED. Use the native hash() instead.

strip_image_tags($str)
Parameters:
  • $str (string) – Input string
Returns:

The input string with no image tags

Return type:

string

This is a security function that will strip image tags from a string. It leaves the image URL as plain text.

Example:

$string = strip_image_tags($string);

This function is an alias for CI_Security::strip_image_tags(). For more info, please see the Security Library documentation.

encode_php_tags($str)
Parameters:
  • $str (string) – Input string
Returns:

Safely formatted string

Return type:

string

This is a security function that converts PHP tags to entities.

Note

xss_clean() does this automatically, if you use it.

Example:

$string = encode_php_tags($string);