Security Helper

The Security Helper file contains security related functions.

Loading this Helper

This helper is loaded using the following code:

$this->load->helper('security');

Available Functions

The following functions are available:

xss_clean($str[, $is_image = FALSE])

Parameters:

• $str (string) – Input data
• $is_image (bool) – Whether we’re dealing with an image

Returns:

XSS-clean string

Return type:

string

Provides Cross Site Script Hack filtering.

This function is an alias for CI_Input::xss_clean(). For more info, please see the Input Library documentation.

sanitize_filename($filename)

Parameters:

• $filename (string) – Filename

Returns:

Sanitized file name

Return type:

string

Provides protection against directory traversal.

This function is an alias for CI_Security::sanitize_filename(). For more info, please see the Security Library documentation.

strip_image_tags($str)

Parameters:

• $str (string) – Input string

Returns:

The input string with no image tags

Return type:

string

This is a security function that will strip image tags from a string. It leaves the image URL as plain text.

Example:

$string = strip_image_tags($string);

This function is an alias for CI_Security::strip_image_tags(). For more info, please see the Security Library documentation.

encode_php_tags($str)

Parameters:

• $str (string) – Input string

Returns:

Safely formatted string

Return type:

string

This is a security function that converts PHP tags to entities.

Note

xss_clean() does this automatically, if you use it.

Example:

$string = encode_php_tags($string);