PHP Class CI_Input, ci-phpunit-test

Pre-processes global input data for security
Author: ExpressionEngine Dev Team
Mostrar archivo Open project: kenjis/ci-phpunit-test Class Usage Examples

Protected Properties

Property Type Description
$_allow_get_array boolean If set to FALSE, then $_GET will be set to an empty array.
$_enable_csrf boolean Enables a CSRF cookie token to be set. Set automatically based on config setting.
$_enable_xss boolean Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered. Set automatically based on config setting.
$_input_stream array Parsed from php://input at runtime
$_raw_input_stream string Holds a cache of php://input contents
$_standardize_newlines boolean If set to TRUE, then newlines are standardized.
$headers array List of all HTTP request headers
$ip_address string IP address of the current user
$security
$uni

Public Methods

Method Description
__construct ( ) : void Class constructor
__get ( string $name ) : mixed Magic __get()
cookie ( mixed $index = NULL, boolean $xss_clean = NULL ) : mixed Fetch an item from the COOKIE array
get ( mixed $index = NULL, boolean $xss_clean = NULL ) : mixed Fetch an item from the GET array
get_post ( string $index, boolean $xss_clean = NULL ) : mixed Fetch an item from GET data with fallback to POST
get_request_header ( string $index, boolean $xss_clean = FALSE ) : string | null Get Request Header
input_stream ( string $index = NULL, boolean $xss_clean = NULL ) : mixed Fetch an item from the php://input stream
ip_address ( ) : string Fetch the IP Address
is_ajax_request ( ) : boolean Is AJAX request?
is_cli_request ( ) : boolean Is CLI request?
method ( boolean $upper = FALSE ) : string Get Request Method
post ( mixed $index = NULL, boolean $xss_clean = NULL ) : mixed Fetch an item from the POST array
post_get ( string $index, boolean $xss_clean = NULL ) : mixed Fetch an item from POST data with fallback to GET
request_headers ( boolean $xss_clean = FALSE ) : array Request Headers
server ( mixed $index, boolean $xss_clean = NULL ) : mixed Fetch an item from the SERVER array
set_cookie ( string | mixed[] $name, string $value = '', integer $expire = '', string $domain = '', string $path = '/', string $prefix = '', boolean $secure = FALSE, boolean $httponly = FALSE ) : void Set cookie
user_agent ( $xss_clean = NULL ) : string | null Fetch User Agent string
valid_ip ( string $ip, string $which = '' ) : boolean Validate IP Address

Protected Methods

Method Description
_clean_input_data ( string | string[] $str ) : string Clean Input Data
_clean_input_keys ( string $str, boolean $fatal = TRUE ) : string | boolean Clean Keys
_fetch_from_array ( &$array, mixed $index = NULL, boolean $xss_clean = NULL ) : mixed Fetch from array
_sanitize_globals ( ) : void Sanitize Globals

Method Details

__construct() public method

Determines whether to globally enable the XSS processing and whether to allow the $_GET array.
public __construct ( ) : void
return void

__get() public method

Allows read access to protected properties
public __get ( string $name ) : mixed
$name string
return mixed

_clean_input_data() protected method

Internal method that aids in escaping data and standardizing newline characters to PHP_EOL.
protected _clean_input_data ( string | string[] $str ) : string
$str string | string[] Input string(s)
return string

_clean_input_keys() protected method

Internal method that helps to prevent malicious users from trying to exploit keys we make sure that keys are only named with alpha-numeric text and a few other items.
protected _clean_input_keys ( string $str, boolean $fatal = TRUE ) : string | boolean
$str string Input string
$fatal boolean Whether to terminate script exection or to return FALSE if an invalid key is encountered
return string | boolean

_fetch_from_array() protected method

Internal method used to retrieve values from global arrays.
protected _fetch_from_array ( &$array, mixed $index = NULL, boolean $xss_clean = NULL ) : mixed
$index mixed Index for item to be fetched from $array
$xss_clean boolean Whether to apply XSS filtering
return mixed

_sanitize_globals() protected method

Internal method serving for the following purposes: - Unsets $_GET data, if query strings are not enabled - Cleans POST, COOKIE and SERVER data - Standardizes newline characters to PHP_EOL
protected _sanitize_globals ( ) : void
return void

get() public method

Fetch an item from the GET array
public get ( mixed $index = NULL, boolean $xss_clean = NULL ) : mixed
$index mixed Index for item to be fetched from $_GET
$xss_clean boolean Whether to apply XSS filtering
return mixed

get_post() public method

Fetch an item from GET data with fallback to POST
public get_post ( string $index, boolean $xss_clean = NULL ) : mixed
$index string Index for item to be fetched from $_GET or $_POST
$xss_clean boolean Whether to apply XSS filtering
return mixed

get_request_header() public method

Returns the value of a single member of the headers class member
public get_request_header ( string $index, boolean $xss_clean = FALSE ) : string | null
$index string Header name
$xss_clean boolean Whether to apply XSS filtering
return string | null The requested header on success or NULL on failure modified by ci-phpunit-test

input_stream() public method

Useful when you need to access PUT, DELETE or PATCH request data.
public input_stream ( string $index = NULL, boolean $xss_clean = NULL ) : mixed
$index string Index for item to be fetched
$xss_clean boolean Whether to apply XSS filtering
return mixed

ip_address() public method

Determines and validates the visitor's IP address.
public ip_address ( ) : string
return string IP address

is_ajax_request() public method

Test to see if a request contains the HTTP_X_REQUESTED_WITH header.
public is_ajax_request ( ) : boolean
return boolean

is_cli_request() public method

Test to see if a request was made from the command line.
Deprecation: 3.0.0 Use is_cli() instead
public is_cli_request ( ) : boolean
return boolean

method() public method

Return the request method
public method ( boolean $upper = FALSE ) : string
$upper boolean Whether to return in upper or lower case (default: FALSE)
return string

post() public method

Fetch an item from the POST array
public post ( mixed $index = NULL, boolean $xss_clean = NULL ) : mixed
$index mixed Index for item to be fetched from $_POST
$xss_clean boolean Whether to apply XSS filtering
return mixed

post_get() public method

Fetch an item from POST data with fallback to GET
public post_get ( string $index, boolean $xss_clean = NULL ) : mixed
$index string Index for item to be fetched from $_POST or $_GET
$xss_clean boolean Whether to apply XSS filtering
return mixed

request_headers() public method

Request Headers
public request_headers ( boolean $xss_clean = FALSE ) : array
$xss_clean boolean Whether to apply XSS filtering
return array

server() public method

Fetch an item from the SERVER array
public server ( mixed $index, boolean $xss_clean = NULL ) : mixed
$index mixed Index for item to be fetched from $_SERVER
$xss_clean boolean Whether to apply XSS filtering
return mixed

user_agent() public method

Fetch User Agent string
public user_agent ( $xss_clean = NULL ) : string | null
return string | null User Agent string or NULL if it doesn't exist

valid_ip() public method

Validate IP Address
public valid_ip ( string $ip, string $which = '' ) : boolean
$ip string IP address
$which string IP protocol: 'ipv4' or 'ipv6'
return boolean

Property Details

$_allow_get_array protected_oe property

If set to FALSE, then $_GET will be set to an empty array.
protected bool $_allow_get_array
return boolean

$_enable_csrf protected_oe property

Enables a CSRF cookie token to be set. Set automatically based on config setting.
protected bool $_enable_csrf
return boolean

$_enable_xss protected_oe property

Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered. Set automatically based on config setting.
protected bool $_enable_xss
return boolean

$_input_stream protected_oe property

Parsed from php://input at runtime
See also: CI_Input::input_stream()
protected array $_input_stream
return array

$_raw_input_stream protected_oe property

Holds a cache of php://input contents
protected string $_raw_input_stream
return string

$_standardize_newlines protected_oe property

If set to TRUE, then newlines are standardized.
protected bool $_standardize_newlines
return boolean

$headers protected_oe property

List of all HTTP request headers
protected array $headers
return array

$ip_address protected_oe property

IP address of the current user
protected string $ip_address
return string

$security protected_oe property

protected $security

$uni protected_oe property

protected $uni