Legacy Documentation
You are using the documentation for version 4.3.8.
Security Helper
The Security Helper file contains security-related functions. This helper is loaded using the following code:
ee()->load->helper('security');
Available Functions
xss_clean($str[, $is_image = FALSE])
Parameters:
- $str (string) – Input data
- $is_image (bool) – Whether we’re dealing with an image
Returns: XSS-clean string
Return type: string
Provides Cross Site Script Hack filtering.
This function is an alias for Security::xss_clean().
sanitize_filename($filename)
Parameters:
- $filename (string) – Filename
Returns: Sanitized file name
Return type: string
Provides protection against directory traversal.
This function is an alias for Security::sanitize_filename().
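An added example (not from the ExpressionEngine documentation or code base) that treats sanitize_filename() as one layer of defense: after filtering, the name is still rejected unless it is a single path component, and the upload directory is resolved before use. store_upload_name() and its arguments are hypothetical names; the ee() call only runs inside ExpressionEngine, and the sample inputs are constructed.

```php
<?php
// Added example; store_upload_name() is a hypothetical helper, not an EE API.

/**
 * Map a client-supplied file name to a path directly inside $uploadDir.
 * Returns the full path, or null when the name cannot be used safely.
 */
function store_upload_name($uploadDir, $clientName)
{
    // Inside ExpressionEngine: load the helper as the page shows and
    // filter the name first. In a stand-alone run this step is skipped
    // and only the checks below apply.
    if (function_exists('ee')) {
        ee()->load->helper('security');
        $clientName = sanitize_filename($clientName);
    }

    // Second layer: accept only a single, non-empty path component.
    if ($clientName === '' || $clientName === '.' || $clientName === '..') {
        return null;
    }
    foreach (array('/', '\\', "\0") as $bad) {
        if (strpos($clientName, $bad) !== false) {
            return null; // separator or NUL byte survived filtering
        }
    }

    // Resolve the destination once, so symlinks and relative parts in the
    // configured directory are settled before the name is appended.
    $base = realpath($uploadDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    return $base . DIRECTORY_SEPARATOR . $clientName;
}

// Constructed sample inputs: one ordinary name and three that must not
// be allowed to escape or alias the upload directory.
$dir = sys_get_temp_dir();
foreach (array('report.pdf', '../../etc/passwd', '..', 'a\\..\\b.txt') as $n) {
    $path = store_upload_name($dir, $n);
    echo str_pad($n, 20), ' => ', ($path === null ? 'rejected' : $path), "\n";
}
```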
strip_image_tags($str)
Parameters:
- $str (string) – Input string
Returns: The input string with no image tags
Return type: string
This is a security function that will strip image tags from a string. It leaves the image URL as plain text.
Example:
$string = strip_image_tags($string);
encode_php_tags($str)
Parameters:
- $str (string) – Input string
Returns: Safely formatted string
Return type: string
This is a security function that converts PHP tags to entities.
Note: xss_clean() does this automatically, if you use it.
Example:
$string = encode_php_tags($string);