Security Class¶

Calling the Security Class
Security filtering
Other Class Variables
- $this->EE->security->sanitize_filename()
- $this->EE->security->xss_hash()

Calling the Security Class ¶

This class is initialized automatically.

$this->EE->security->xss_clean() is the built in ExpressionEngine XSS sanitization method, which is constantly tweaked for improved security and performance. It accepts both a string and an array and will return sanitized text.

$str = $this->EE->security->xss_clean($str);

An optional second parameter, is_image, allows this function to be used to test images for potential XSS attacks, useful for file upload security. When this second parameter is set to TRUE, instead of returning an altered string, the function returns TRUE if the image is safe, and FALSE if it contained potentially malicious information that a browser may attempt to execute.

if ($this->EE->security->xss_clean($file, TRUE) === FALSE)
{
    // file failed the XSS test
}

Other Class Variables ¶

$this->EE->security->sanitize_filename()¶

Removes naughty characters from filenames. Returns a sanitized string.

$filename = $this->EE->security->sanitize_filename($name);

$this->EE->security->xss_hash()¶

Returns a random hash.

echo $this->EE->security->xss_hash();

Security Class¶

Calling the Security Class¶

Security filtering¶

Other Class Variables¶

$this->EE->security->sanitize_filename()¶

$this->EE->security->xss_hash()¶

Calling the Security Class ¶

Security filtering ¶

Other Class Variables ¶