\CI_Input

Input Class

Pre-processes global input data for security

Summary

Methods

Properties

Constants

__construct()
_fetch_from_array()
get()
post()
get_post()
cookie()
set_cookie()
server()
ip_address()
valid_ip()
user_agent()
_sanitize_globals()
_clean_input_data()
_clean_input_keys()
request_headers()
get_request_header()
is_ajax_request()
is_cli_request()

$ip_address
$user_agent
$_allow_get_array
$_standardize_newlines
$_enable_xss
$_enable_csrf

No constants found

_valid_ipv4()
_valid_ipv6()

$headers

N/A

No private methods found

No private properties found

N/A

File: system/core/Input.php
Package: CodeIgniter\Libraries
Class hierarchy: \CI_Input
See also: http://codeigniter.com/user_guide/libraries/input.html

Properties

$ip_address

$ip_address : string

IP address of the current user

Type

string

$user_agent

$user_agent : string

user agent (web browser) being used by the current user

Type

string

$_allow_get_array

$_allow_get_array : boolean

If FALSE, then $_GET will be set to an empty array

Type

boolean

$_standardize_newlines

$_standardize_newlines : boolean

If TRUE, then newlines are standardized

Type

boolean

$_enable_xss

$_enable_xss : boolean

Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered Set automatically based on config setting

Type

boolean

$_enable_csrf

$_enable_csrf : boolean

Enables a CSRF cookie token to be set.

Set automatically based on config setting

Type

boolean

$headers

$headers : array

List of all HTTP request headers

Type

array

Methods

__construct()

__construct() : void

Constructor

Sets whether to globally enable the XSS processing and whether to allow the $_GET array

_fetch_from_array()

_fetch_from_array(  $array,   $index = '',   $xss_clean = FALSE) : string

Fetch from array

This is a helper function to retrieve values from global arrays

Parameters

	$array
	$index
	$xss_clean

Returns

string

get()

get(  $index = NULL,   $xss_clean = FALSE) : string

Fetch an item from the GET array

Parameters

	$index
	$xss_clean

Returns

string

post()

post(  $index = NULL,   $xss_clean = FALSE) : string

Fetch an item from the POST array

Parameters

	$index
	$xss_clean

Returns

string

get_post()

get_post(  $index = '',   $xss_clean = FALSE) : string

Fetch an item from either the GET array or the POST

Parameters

	$index
	$xss_clean

Returns

string

cookie()

cookie(  $index = '',   $xss_clean = FALSE) : string

Fetch an item from the COOKIE array

Parameters

	$index
	$xss_clean

Returns

string

set_cookie()

set_cookie(  $name = '',   $value = '',   $expire = '',   $domain = '',   $path = '/',   $prefix = '',   $secure = FALSE) : void

Set cookie

Accepts six parameter, or you can submit an associative array in the first parameter containing all the values.

Parameters

	$name
	$value
	$expire
	$domain
	$path
	$prefix
	$secure

server()

server(  $index = '',   $xss_clean = FALSE) : string

Fetch an item from the SERVER array

Parameters

	$index
	$xss_clean

Returns

string

ip_address()

ip_address() : string

Fetch the IP Address

Returns

string

valid_ip()

valid_ip(  $ip,   $which = '') : boolean

Validate IP Address

Parameters

	$ip
	$which

Returns

boolean

user_agent()

user_agent() : string

User Agent

Returns

string

_sanitize_globals()

_sanitize_globals() : void

Sanitize Globals

This function does the following:

Unsets $_GET data (if query strings are not enabled)

Unsets all globals if register_globals is enabled

Standardizes newline characters to \n

_clean_input_data()

_clean_input_data(  $str) : string

Clean Input Data

This is a helper function. It escapes data and standardizes newline characters to \n

Parameters

$str

Returns

string

_clean_input_keys()

_clean_input_keys(  $str) : string

Clean Keys

This is a helper function. To prevent malicious users from trying to exploit keys we make sure that keys are only named with alpha-numeric text and a few other items.

Parameters

$str

Returns

string

request_headers()

request_headers(  $xss_clean = FALSE) : array

Request Headers

In Apache, you can simply call apache_request_headers(), however for people running other webservers the function is undefined.

Parameters

$xss_clean

Returns

array

get_request_header()

get_request_header(  $index,   $xss_clean = FALSE) : mixed

Get Request Header

Returns the value of a single member of the headers class member

Parameters

	$index
	$xss_clean

Returns

mixed —

FALSE on failure, string on success

is_ajax_request()

is_ajax_request() : boolean

Is ajax Request?

Test to see if a request contains the HTTP_X_REQUESTED_WITH header

Returns

boolean

is_cli_request()

is_cli_request() : boolean

Is cli Request?

Test to see if a request was made from the command line

Returns

boolean

_valid_ipv4()

_valid_ipv4(  $ip) : boolean

Validate IPv4 Address

Updated version suggested by Geert De Deckere

Parameters

$ip

Returns

boolean

_valid_ipv6()

_valid_ipv6(  $str) : boolean

Validate IPv6 Address

Parameters

$str

Returns

boolean

category	Input
author	ExpressionEngine Dev Team