Security Helper
The Security Helper file contains security-related functions. This helper is loaded using the following code:
ee()->load->helper('security');
Available Functions
xss_clean($str[, $is_image = FALSE])
Parameters:
- $str (string) – Input data
- $is_image (bool) – Whether we’re dealing with an image
Returns: XSS-clean string
Return type: string
Provides Cross Site Script Hack filtering.
This function is an alias for Security::xss_clean().
sanitize_filename($filename)
Parameters:
- $filename (string) – Filename
Returns: Sanitized file name
Return type: string
Provides protection against directory traversal.
This function is an alias for Security::sanitize_filename().
strip_image_tags($str)
Parameters:
- $str (string) – Input string
Returns: The input string with no image tags
Return type: string
This is a security function that will strip image tags from a string. It leaves the image URL as plain text.
Example:
$string = strip_image_tags($string);
encode_php_tags($str)
Parameters:
- $str (string) – Input string
Returns: Safely formatted string
Return type: string
This is a security function that converts PHP tags to entities.
Note
xss_clean() does this automatically, if you use it.
Example:
$string = encode_php_tags($string);
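Added example, not part of the ExpressionEngine documentation or code: sanitize_filename() cleans the name itself, and a containment check on the final path is a useful second layer when the name comes from a client. safe_upload_path() and the sample names are hypothetical; the sanitize_filename() call only runs where the security helper is loaded.

```php
<?php
// Added example; safe_upload_path() is a hypothetical helper, not an ExpressionEngine API.

// Build a destination path for a client-supplied name and confirm it stays inside $baseDir.
function safe_upload_path(string $baseDir, string $clientName): string
{
    // Inside ExpressionEngine, after ee()->load->helper('security'), clean the
    // name with the helper documented above. Stand-alone, this step is skipped.
    if (function_exists('sanitize_filename')) {
        $clientName = sanitize_filename($clientName);
    }

    // Keep only the last path component, treating "\" as a separator too.
    $name = basename(str_replace('\\', '/', $clientName));
    if ($name === '' || $name === '.' || $name === '..') {
        throw new InvalidArgumentException('No usable file name');
    }

    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('Upload directory does not exist');
    }

    $target = $base . DIRECTORY_SEPARATOR . $name;

    // An existing entry could be a symlink pointing elsewhere: resolve it and
    // require the result to remain under the base directory.
    if (is_link($target) || file_exists($target)) {
        $real = realpath($target);
        $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
            throw new RuntimeException('Target resolves outside the upload directory');
        }
    }
    return $target;
}

// Constructed sample input: a temporary directory and hostile-looking names.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_demo_' . getmypid();
if (!is_dir($dir)) { mkdir($dir, 0700); }
foreach (['report.pdf', '../../etc/passwd', '..\\..\\boot.ini', '..'] as $sample) {
    try {
        echo $sample, ' => ', safe_upload_path($dir, $sample), PHP_EOL;
    } catch (Exception $e) {
        echo $sample, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
rmdir($dir);
```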