Properties

$filenameBadChars

$filenameBadChars : array

List of sanitize filename strings

Type

array

$CSRFHash

$CSRFHash : string

CSRF Hash

Random hash for Cross Site Request Forgery protection cookie

Type

string

$CSRFExpire

$CSRFExpire : integer

CSRF Expire time

Expiration time for Cross Site Request Forgery protection cookie. Defaults to two hours (in seconds).

Type

integer

$CSRFTokenName

$CSRFTokenName : string

CSRF Token name

Token name for Cross Site Request Forgery protection cookie.

Type

string

$CSRFHeaderName

$CSRFHeaderName : string

CSRF Header name

Token name for Cross Site Request Forgery protection cookie.

Type

string

$CSRFCookieName

$CSRFCookieName : string

CSRF Cookie name

Cookie name for Cross Site Request Forgery protection cookie.

Type

string

$CSRFRegenerate

$CSRFRegenerate : boolean

CSRF Regenerate

If true, the CSRF Token will be regenerated on every request. If false, will stay the same for the life of the cookie.

Type

boolean

$cookiePath

$cookiePath : string

Typically will be a forward slash

Type

string

$cookieDomain

$cookieDomain : string

Set to .your-domain.com for site-wide cookies

Type

string

$cookieSecure

$cookieSecure : boolean

Cookie will only be set if a secure HTTPS connection exists.

Type

boolean

Methods

__construct()

__construct(\Config\App  $config) 

Security constructor.

Stores our configuration and fires off the init() method to setup initial state.

Parameters

\Config\App $config

Throws

\Exception

CSRFVerify()

CSRFVerify(\CodeIgniter\HTTP\RequestInterface  $request) : $this|false

CSRF Verify

Parameters

\CodeIgniter\HTTP\RequestInterface $request

Throws

\Exception

Returns

$this|false

getCSRFHash()

getCSRFHash() : string

Returns the current CSRF Hash.

Returns

string

getCSRFTokenName()

getCSRFTokenName() : string

Returns the CSRF Token Name.

Returns

string

sanitizeFilename()

sanitizeFilename(string  $str, boolean  $relative_path = false) : string

Sanitize Filename

Tries to sanitize filenames in order to prevent directory traversal attempts and other security threats, which is particularly useful for files that were supplied via user input.

If it is acceptable for the user input to include relative paths, e.g. file/in/some/approved/folder.txt, you can set the second optional parameter, $relative_path to TRUE.

Parameters

string $str

Input file name

boolean $relative_path

Whether to preserve paths

Returns

string

CSRFSetHash()

CSRFSetHash() : string

Sets the CSRF Hash and cookie.

Throws

\Exception

Returns

string