Skip to content

CI_Input

Jump to bottom
Mathieu Nayrolles edited this page Jan 20, 2016 · 1 revision

CI_Input

Input Class

Pre-processes global input data for security

  • Class name: CI_Input
  • Namespace:

Properties

$ip_address

protected string $ip_address = FALSE

IP address of the current user

  • Visibility: protected

$_allow_get_array

protected boolean $_allow_get_array = TRUE

Allow GET array flag

If set to FALSE, then $_GET will be set to an empty array.

  • Visibility: protected

$_standardize_newlines

protected boolean $_standardize_newlines

Standardize new lines flag

If set to TRUE, then newlines are standardized.

  • Visibility: protected

$_enable_xss

protected boolean $_enable_xss = FALSE

Enable XSS flag

Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered. Set automatically based on config setting.

  • Visibility: protected

$_enable_csrf

protected boolean $_enable_csrf = FALSE

Enable CSRF flag

Enables a CSRF cookie token to be set. Set automatically based on config setting.

  • Visibility: protected

$headers

protected array $headers = array()

List of all HTTP request headers

  • Visibility: protected

$_raw_input_stream

protected string $_raw_input_stream

Raw input stream data

Holds a cache of php://input contents

  • Visibility: protected

$_input_stream

protected array $_input_stream

Parsed input stream data

Parsed from php://input at runtime

  • Visibility: protected

$security

protected mixed $security
  • Visibility: protected

$uni

protected mixed $uni
  • Visibility: protected

Methods

__construct

void CI_Input::__construct()

Class constructor

Determines whether to globally enable the XSS processing and whether to allow the $_GET array.

  • Visibility: public

_fetch_from_array

mixed CI_Input::_fetch_from_array($array, mixed $index, boolean $xss_clean)

Fetch from array

Internal method used to retrieve values from global arrays.

  • Visibility: protected

Arguments

  • $array mixed
  • $index mixed - <p>Index for item to be fetched from $array</p>
  • $xss_clean boolean - <p>Whether to apply XSS filtering</p>

get

mixed CI_Input::get(mixed $index, boolean $xss_clean)

Fetch an item from the GET array

  • Visibility: public

Arguments

  • $index mixed - <p>Index for item to be fetched from $_GET</p>
  • $xss_clean boolean - <p>Whether to apply XSS filtering</p>

post

mixed CI_Input::post(mixed $index, boolean $xss_clean)

Fetch an item from the POST array

  • Visibility: public

Arguments

  • $index mixed - <p>Index for item to be fetched from $_POST</p>
  • $xss_clean boolean - <p>Whether to apply XSS filtering</p>

post_get

mixed CI_Input::post_get(string $index, boolean $xss_clean)

Fetch an item from POST data with fallback to GET

  • Visibility: public

Arguments

  • $index string - <p>Index for item to be fetched from $_POST or $_GET</p>
  • $xss_clean boolean - <p>Whether to apply XSS filtering</p>

get_post

mixed CI_Input::get_post(string $index, boolean $xss_clean)

Fetch an item from GET data with fallback to POST

  • Visibility: public

Arguments

  • $index string - <p>Index for item to be fetched from $_GET or $_POST</p>
  • $xss_clean boolean - <p>Whether to apply XSS filtering</p>

cookie

mixed CI_Input::cookie(mixed $index, boolean $xss_clean)

Fetch an item from the COOKIE array

  • Visibility: public

Arguments

  • $index mixed - <p>Index for item to be fetched from $_COOKIE</p>
  • $xss_clean boolean - <p>Whether to apply XSS filtering</p>

server

mixed CI_Input::server(mixed $index, boolean $xss_clean)

Fetch an item from the SERVER array

  • Visibility: public

Arguments

  • $index mixed - <p>Index for item to be fetched from $_SERVER</p>
  • $xss_clean boolean - <p>Whether to apply XSS filtering</p>

input_stream

mixed CI_Input::input_stream(string $index, boolean $xss_clean)

Fetch an item from the php://input stream

Useful when you need to access PUT, DELETE or PATCH request data.

  • Visibility: public

Arguments

  • $index string - <p>Index for item to be fetched</p>
  • $xss_clean boolean - <p>Whether to apply XSS filtering</p>

set_cookie

void CI_Input::set_cookie(string|array<mixed,mixed> $name, string $value, integer $expire, string $domain, string $path, string $prefix, boolean $secure, boolean $httponly)

Set cookie

Accepts an arbitrary number of parameters (up to 7) or an associative array in the first parameter containing all the values.

  • Visibility: public

Arguments

  • $name string|array<mixed,mixed> - <p>Cookie name or an array containing parameters</p>
  • $value string - <p>Cookie value</p>
  • $expire integer - <p>Cookie expiration time in seconds</p>
  • $domain string - <p>Cookie domain (e.g.: '.yourdomain.com')</p>
  • $path string - <p>Cookie path (default: '/')</p>
  • $prefix string - <p>Cookie name prefix</p>
  • $secure boolean - <p>Whether to only transfer cookies via SSL</p>
  • $httponly boolean - <p>Whether to only makes the cookie accessible via HTTP (no javascript)</p>

ip_address

string CI_Input::ip_address()

Fetch the IP Address

Determines and validates the visitor's IP address.

  • Visibility: public

valid_ip

boolean CI_Input::valid_ip(string $ip, string $which)

Validate IP Address

  • Visibility: public

Arguments

  • $ip string - <p>IP address</p>
  • $which string - <p>IP protocol: 'ipv4' or 'ipv6'</p>

user_agent

string|null CI_Input::user_agent($xss_clean)

Fetch User Agent string

  • Visibility: public

Arguments

  • $xss_clean mixed

_sanitize_globals

void CI_Input::_sanitize_globals()

Sanitize Globals

Internal method serving for the following purposes:

  • Unsets $_GET data, if query strings are not enabled
  • Cleans POST, COOKIE and SERVER data
    • Standardizes newline characters to PHP_EOL
  • Visibility: protected

_clean_input_data

string CI_Input::_clean_input_data(string|array<mixed,string> $str)

Clean Input Data

Internal method that aids in escaping data and standardizing newline characters to PHP_EOL.

  • Visibility: protected

Arguments

  • $str string|array<mixed,string> - <p>Input string(s)</p>

_clean_input_keys

string|boolean CI_Input::_clean_input_keys(string $str, boolean $fatal)

Clean Keys

Internal method that helps to prevent malicious users from trying to exploit keys we make sure that keys are only named with alpha-numeric text and a few other items.

  • Visibility: protected

Arguments

  • $str string - <p>Input string</p>
  • $fatal boolean - <p>Whether to terminate script exection or to return FALSE if an invalid key is encountered</p>

request_headers

array CI_Input::request_headers(boolean $xss_clean)

Request Headers

  • Visibility: public

Arguments

  • $xss_clean boolean - <p>Whether to apply XSS filtering</p>

get_request_header

string|null CI_Input::get_request_header(string $index, boolean $xss_clean)

Get Request Header

Returns the value of a single member of the headers class member

  • Visibility: public

Arguments

  • $index string - <p>Header name</p>
  • $xss_clean boolean - <p>Whether to apply XSS filtering</p>

is_ajax_request

boolean CI_Input::is_ajax_request()

Is AJAX request?

Test to see if a request contains the HTTP_X_REQUESTED_WITH header.

  • Visibility: public

is_cli_request

boolean CI_Input::is_cli_request()

Is CLI request?

Test to see if a request was made from the command line.

  • Visibility: public

method

string CI_Input::method(boolean $upper)

Get Request Method

Return the request method

  • Visibility: public

Arguments

  • $upper boolean - <p>Whether to return in upper or lower case (default: FALSE)</p>

__get

mixed CI_Input::__get(string $name)

Magic __get()

Allows read access to protected properties

  • Visibility: public

Arguments

  • $name string
Clone this wiki locally