Codeigniter Security Class Library -This library provide various functions that are used to create a secure application and processing input data for security. This class is also automatically loaded by the system that’s why no need to load manually. Here in this tutorial, we are going to explain how to use security class library.
Codeigniter security class library | Example
Let us understand how security class library works in codeigniter with examples.
Functions:-
Codeigniter security class library provide three types of method.
- 1. XSS Filtering.
- 2. Cross-site request forgery (CSRF).
- 3. Class Reference.
1. XSS Filtering.
Here is simple demo of XSS filtering.
Codiegniter come with a cross site scripting filter, which is commonly used technique to trigger, javascript or other type of code. It is also use to filter data through XSS filter.
Example of XSS filtering
<?php defined('BASEPATH') OR exit('No direct script access allowed');
class xss_controller extends CI_Controller
{
public function xssSecurity()
{
$str = "Tutorialsplane.com";
$data = $this-?>security->xss_clean($str);
echo $data;
if ($this->security->xss_clean($str, TRUE) === FALSE)
{
echo "file failed the XSS test";
}
else
{
return true;
}}}
?>
|
Output will be like this:-
2. Cross-site request forgery (CSRF).
Here is simple demo of cross-site request forgery (CSRF).
We can enable csrf protechtion from application/config/config.php file.
Example of Cross-site request forgery (CSRF).
<?php defined('BASEPATH') OR exit('No direct script access allowed');
class xss_controller extends CI_Controller
{
public function csrfdisplay()
{
$csrf = array(
'name' =?> $this->security->get_csrf_token_name('ram'),
'hash' => $this->security->get_csrf_hash('gff'));
print_r($csrf);
}
}
?>
|
Output will be like this:-
Class reference:-
There are various references available in security class library. Now we will explain.
1. XSS clean.
This reference try to remove XSS program from the input data and return cleaned string.
xss_clean($str[$is_image = FALSE])
- Parameters :
- $str (mixed) : Input string or an array of strings
- Returns : XSS-clean data
- Returns type : Mixed
2. Sanitize filename.
This reference Try to sanitize filename in order to prevent directory traversal attempt and other security threats, which is particularly useful for file that was supplied by user input.
sanitize_filename($str[$relative_path = FALSE])
- Parameters :
- $str (string) : File name/path
- $relative_path (bool) : Whether to preserve any directories in the file path
- Returns : Sanitized file name/path
- Returns type : string
3. Get csrf token name.
This reference return the csrf token name.
get_csrf_token_name()
- Parameters :
- Returns : CSRF token name
- Returns type : string
4. Get csrf hash.
This reference return the csrf hash value.
get_csrf_hash()
- Parameters :
- Returns : CSRF hash
- Returns type : string
5. Entity decode.
This reference try to detect HTML entities.
entity_decode($str[$charset = NULL])
- Parameters :
- $str (string) : Input string
- $charset (string) : Character set of the input string
- Returns : Entity-decoded string
- Returns type : string
6. Get random bytes.
This reference is used to CSRF and XSS tokens.
get_random_bytes($length)
- Parameters :
- $length (int) : Output length
- Returns : A binary stream of random bytes or FALSE on failure
- Returns type : String