/lenasys/trunk : revision 23.1.1

To get this branch, use:

bzr branch
http://gegoxaren.bato24.eu/bzr/lenasys/trunk

« back to all changes in this revision

Viewing changes to codeigniter/user_guide/general/security.html

Committer: galaxyAbstractor
Date: 2013-04-11 13:59:06 UTC
mto: (23.2.1 lenasys)
mto: This revision was merged to the branch mainline in revision 24.
Revision ID: galaxyabstractor@gmail.com-20130411135906-tohvazsxmw77otid

Removed codeigniter user guide, shouldn't be in the repo
Added and implemented CKEditor Wysiwyg editor for editing of pages
Made already uploaded code files visible as you edit a page
Implemented Adams dropdown menu in codeviewer

files added:
codeigniter/application/views/admin/header.php

codeigniter/js/ckeditor

codeigniter/js/ckeditor/build-config.js

codeigniter/js/ckeditor/ckeditor.js

codeigniter/js/ckeditor/config.js

codeigniter/js/ckeditor/contents.css

codeigniter/js/ckeditor/lang

codeigniter/js/ckeditor/lang/en.js

codeigniter/js/ckeditor/plugins

codeigniter/js/ckeditor/plugins/a11yhelp

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/a11yhelp.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/_translationstatus.txt

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/ar.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/bg.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/ca.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/cs.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/cy.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/da.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/de.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/el.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/en.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/eo.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/es.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/et.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/fa.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/fi.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/fr.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/gu.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/he.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/hi.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/hr.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/hu.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/it.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/ja.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/km.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/ku.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/lt.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/lv.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/mk.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/mn.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/nb.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/nl.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/no.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/pl.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/pt-br.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/pt.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/ro.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/ru.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/sk.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/sl.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/sv.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/th.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/tr.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/ug.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/uk.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/vi.js

codeigniter/js/ckeditor/plugins/a11yhelp/dialogs/lang/zh-cn.js

codeigniter/js/ckeditor/plugins/about

codeigniter/js/ckeditor/plugins/about/dialogs

codeigniter/js/ckeditor/plugins/about/dialogs/about.js

codeigniter/js/ckeditor/plugins/about/dialogs/logo_ckeditor.png

codeigniter/js/ckeditor/plugins/clipboard

codeigniter/js/ckeditor/plugins/clipboard/dialogs

codeigniter/js/ckeditor/plugins/clipboard/dialogs/paste.js

codeigniter/js/ckeditor/plugins/dialog

codeigniter/js/ckeditor/plugins/dialog/dialogDefinition.js

codeigniter/js/ckeditor/plugins/fakeobjects

codeigniter/js/ckeditor/plugins/fakeobjects/images

codeigniter/js/ckeditor/plugins/fakeobjects/images/spacer.gif

codeigniter/js/ckeditor/plugins/icons.png

codeigniter/js/ckeditor/plugins/image

codeigniter/js/ckeditor/plugins/image/dialogs

codeigniter/js/ckeditor/plugins/image/dialogs/image.js

codeigniter/js/ckeditor/plugins/image/images

codeigniter/js/ckeditor/plugins/image/images/noimage.png

codeigniter/js/ckeditor/plugins/link

codeigniter/js/ckeditor/plugins/link/dialogs

codeigniter/js/ckeditor/plugins/link/dialogs/anchor.js

codeigniter/js/ckeditor/plugins/link/dialogs/link.js

codeigniter/js/ckeditor/plugins/link/images

codeigniter/js/ckeditor/plugins/link/images/anchor.png

codeigniter/js/ckeditor/plugins/magicline

codeigniter/js/ckeditor/plugins/magicline/images

codeigniter/js/ckeditor/plugins/magicline/images/icon.png

codeigniter/js/ckeditor/plugins/pastefromword

codeigniter/js/ckeditor/plugins/pastefromword/filter

codeigniter/js/ckeditor/plugins/pastefromword/filter/default.js

codeigniter/js/ckeditor/plugins/scayt

codeigniter/js/ckeditor/plugins/scayt/LICENSE.md

codeigniter/js/ckeditor/plugins/scayt/README.md

codeigniter/js/ckeditor/plugins/scayt/dialogs

codeigniter/js/ckeditor/plugins/scayt/dialogs/options.js

codeigniter/js/ckeditor/plugins/scayt/dialogs/toolbar.css

codeigniter/js/ckeditor/plugins/specialchar

codeigniter/js/ckeditor/plugins/specialchar/dialogs

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/_translationstatus.txt

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/ca.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/cs.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/cy.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/de.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/el.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/en.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/eo.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/et.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/fa.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/fi.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/fr.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/he.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/hr.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/it.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/ku.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/lv.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/nb.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/nl.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/no.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/pl.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/pt-br.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/sk.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/sv.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/th.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/tr.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/ug.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/lang/zh-cn.js

codeigniter/js/ckeditor/plugins/specialchar/dialogs/specialchar.js

codeigniter/js/ckeditor/plugins/table

codeigniter/js/ckeditor/plugins/table/dialogs

codeigniter/js/ckeditor/plugins/table/dialogs/table.js

codeigniter/js/ckeditor/plugins/tabletools

codeigniter/js/ckeditor/plugins/tabletools/dialogs

codeigniter/js/ckeditor/plugins/tabletools/dialogs/tableCell.js

codeigniter/js/ckeditor/plugins/wsc

codeigniter/js/ckeditor/plugins/wsc/LICENSE.md

codeigniter/js/ckeditor/plugins/wsc/README.md

codeigniter/js/ckeditor/plugins/wsc/dialogs

codeigniter/js/ckeditor/plugins/wsc/dialogs/ciframe.html

codeigniter/js/ckeditor/plugins/wsc/dialogs/tmpFrameset.html

codeigniter/js/ckeditor/plugins/wsc/dialogs/wsc.css

codeigniter/js/ckeditor/plugins/wsc/dialogs/wsc.js

codeigniter/js/ckeditor/skins

codeigniter/js/ckeditor/skins/moonocolor

codeigniter/js/ckeditor/skins/moonocolor/dialog.css

codeigniter/js/ckeditor/skins/moonocolor/dialog_ie.css

codeigniter/js/ckeditor/skins/moonocolor/dialog_ie7.css

codeigniter/js/ckeditor/skins/moonocolor/dialog_ie8.css

codeigniter/js/ckeditor/skins/moonocolor/dialog_iequirks.css

codeigniter/js/ckeditor/skins/moonocolor/dialog_opera.css

codeigniter/js/ckeditor/skins/moonocolor/editor.css

codeigniter/js/ckeditor/skins/moonocolor/editor_gecko.css

codeigniter/js/ckeditor/skins/moonocolor/editor_ie.css

codeigniter/js/ckeditor/skins/moonocolor/editor_ie7.css

codeigniter/js/ckeditor/skins/moonocolor/editor_ie8.css

codeigniter/js/ckeditor/skins/moonocolor/editor_iequirks.css

codeigniter/js/ckeditor/skins/moonocolor/icons.png

codeigniter/js/ckeditor/skins/moonocolor/images

codeigniter/js/ckeditor/skins/moonocolor/images/arrow.png

codeigniter/js/ckeditor/skins/moonocolor/images/close.png

codeigniter/js/ckeditor/skins/moonocolor/images/mini.png

codeigniter/js/ckeditor/skins/moonocolor/readme.md

codeigniter/js/ckeditor/styles.js

courses

files removed:
codeigniter/application/models/codeviewer_model.php

codeigniter/user_guide

codeigniter/user_guide/changelog.html

codeigniter/user_guide/database

codeigniter/user_guide/database/active_record.html

codeigniter/user_guide/database/caching.html

codeigniter/user_guide/database/call_function.html

codeigniter/user_guide/database/configuration.html

codeigniter/user_guide/database/connecting.html

codeigniter/user_guide/database/examples.html

codeigniter/user_guide/database/fields.html

codeigniter/user_guide/database/forge.html

codeigniter/user_guide/database/helpers.html

codeigniter/user_guide/database/index.html

codeigniter/user_guide/database/queries.html

codeigniter/user_guide/database/results.html

codeigniter/user_guide/database/table_data.html

codeigniter/user_guide/database/transactions.html

codeigniter/user_guide/database/utilities.html

codeigniter/user_guide/doc_style

codeigniter/user_guide/doc_style/index.html

codeigniter/user_guide/doc_style/template.html

codeigniter/user_guide/general

codeigniter/user_guide/general/alternative_php.html

codeigniter/user_guide/general/ancillary_classes.html

codeigniter/user_guide/general/autoloader.html

codeigniter/user_guide/general/caching.html

codeigniter/user_guide/general/cli.html

codeigniter/user_guide/general/common_functions.html

codeigniter/user_guide/general/controllers.html

codeigniter/user_guide/general/core_classes.html

codeigniter/user_guide/general/creating_drivers.html

codeigniter/user_guide/general/creating_libraries.html

codeigniter/user_guide/general/credits.html

codeigniter/user_guide/general/drivers.html

codeigniter/user_guide/general/environments.html

codeigniter/user_guide/general/errors.html

codeigniter/user_guide/general/helpers.html

codeigniter/user_guide/general/hooks.html

codeigniter/user_guide/general/libraries.html

codeigniter/user_guide/general/managing_apps.html

codeigniter/user_guide/general/models.html

codeigniter/user_guide/general/profiling.html

codeigniter/user_guide/general/quick_reference.html

codeigniter/user_guide/general/requirements.html

codeigniter/user_guide/general/reserved_names.html

codeigniter/user_guide/general/routing.html

codeigniter/user_guide/general/security.html

codeigniter/user_guide/general/styleguide.html

codeigniter/user_guide/general/urls.html

codeigniter/user_guide/general/views.html

codeigniter/user_guide/helpers

codeigniter/user_guide/helpers/array_helper.html

codeigniter/user_guide/helpers/captcha_helper.html

codeigniter/user_guide/helpers/cookie_helper.html

codeigniter/user_guide/helpers/date_helper.html

codeigniter/user_guide/helpers/directory_helper.html

codeigniter/user_guide/helpers/download_helper.html

codeigniter/user_guide/helpers/email_helper.html

codeigniter/user_guide/helpers/file_helper.html

codeigniter/user_guide/helpers/form_helper.html

codeigniter/user_guide/helpers/html_helper.html

codeigniter/user_guide/helpers/inflector_helper.html

codeigniter/user_guide/helpers/language_helper.html

codeigniter/user_guide/helpers/number_helper.html

codeigniter/user_guide/helpers/path_helper.html

codeigniter/user_guide/helpers/security_helper.html

codeigniter/user_guide/helpers/smiley_helper.html

codeigniter/user_guide/helpers/string_helper.html

codeigniter/user_guide/helpers/text_helper.html

codeigniter/user_guide/helpers/typography_helper.html

codeigniter/user_guide/helpers/url_helper.html

codeigniter/user_guide/helpers/xml_helper.html

codeigniter/user_guide/images

codeigniter/user_guide/images/appflowchart.gif

codeigniter/user_guide/images/arrow.gif

codeigniter/user_guide/images/ci_logo.jpg

codeigniter/user_guide/images/ci_logo_flame.jpg

codeigniter/user_guide/images/ci_quick_ref.png

codeigniter/user_guide/images/codeigniter_1.7.1_helper_reference.pdf

codeigniter/user_guide/images/codeigniter_1.7.1_helper_reference.png

codeigniter/user_guide/images/codeigniter_1.7.1_library_reference.pdf

codeigniter/user_guide/images/codeigniter_1.7.1_library_reference.png

codeigniter/user_guide/images/file.gif

codeigniter/user_guide/images/folder.gif

codeigniter/user_guide/images/nav_bg_darker.jpg

codeigniter/user_guide/images/nav_separator_darker.jpg

codeigniter/user_guide/images/nav_toggle_darker.jpg

codeigniter/user_guide/images/reactor-bullet.png

codeigniter/user_guide/images/smile.gif

codeigniter/user_guide/images/transparent.gif

codeigniter/user_guide/index.html

codeigniter/user_guide/installation

codeigniter/user_guide/installation/downloads.html

codeigniter/user_guide/installation/index.html

codeigniter/user_guide/installation/troubleshooting.html

codeigniter/user_guide/installation/upgrade_120.html

codeigniter/user_guide/installation/upgrade_130.html

codeigniter/user_guide/installation/upgrade_131.html

codeigniter/user_guide/installation/upgrade_132.html

codeigniter/user_guide/installation/upgrade_133.html

codeigniter/user_guide/installation/upgrade_140.html

codeigniter/user_guide/installation/upgrade_141.html

codeigniter/user_guide/installation/upgrade_150.html

codeigniter/user_guide/installation/upgrade_152.html

codeigniter/user_guide/installation/upgrade_153.html

codeigniter/user_guide/installation/upgrade_154.html

codeigniter/user_guide/installation/upgrade_160.html

codeigniter/user_guide/installation/upgrade_161.html

codeigniter/user_guide/installation/upgrade_162.html

codeigniter/user_guide/installation/upgrade_163.html

codeigniter/user_guide/installation/upgrade_170.html

codeigniter/user_guide/installation/upgrade_171.html

codeigniter/user_guide/installation/upgrade_172.html

codeigniter/user_guide/installation/upgrade_200.html

codeigniter/user_guide/installation/upgrade_201.html

codeigniter/user_guide/installation/upgrade_202.html

codeigniter/user_guide/installation/upgrade_203.html

codeigniter/user_guide/installation/upgrade_210.html

codeigniter/user_guide/installation/upgrade_211.html

codeigniter/user_guide/installation/upgrade_212.html

codeigniter/user_guide/installation/upgrade_213.html

codeigniter/user_guide/installation/upgrade_b11.html

codeigniter/user_guide/installation/upgrading.html

codeigniter/user_guide/libraries

codeigniter/user_guide/libraries/benchmark.html

codeigniter/user_guide/libraries/caching.html

codeigniter/user_guide/libraries/calendar.html

codeigniter/user_guide/libraries/cart.html

codeigniter/user_guide/libraries/config.html

codeigniter/user_guide/libraries/email.html

codeigniter/user_guide/libraries/encryption.html

codeigniter/user_guide/libraries/file_uploading.html

codeigniter/user_guide/libraries/form_validation.html

codeigniter/user_guide/libraries/ftp.html

codeigniter/user_guide/libraries/image_lib.html

codeigniter/user_guide/libraries/input.html

codeigniter/user_guide/libraries/javascript.html

codeigniter/user_guide/libraries/language.html

codeigniter/user_guide/libraries/loader.html

codeigniter/user_guide/libraries/migration.html

codeigniter/user_guide/libraries/output.html

codeigniter/user_guide/libraries/pagination.html

codeigniter/user_guide/libraries/parser.html

codeigniter/user_guide/libraries/security.html

codeigniter/user_guide/libraries/sessions.html

codeigniter/user_guide/libraries/table.html

codeigniter/user_guide/libraries/trackback.html

codeigniter/user_guide/libraries/typography.html

codeigniter/user_guide/libraries/unit_testing.html

codeigniter/user_guide/libraries/uri.html

codeigniter/user_guide/libraries/user_agent.html

codeigniter/user_guide/libraries/xmlrpc.html

codeigniter/user_guide/libraries/zip.html

codeigniter/user_guide/license.html

codeigniter/user_guide/nav

codeigniter/user_guide/nav/hacks.txt

codeigniter/user_guide/nav/moo.fx.js

codeigniter/user_guide/nav/nav.js

codeigniter/user_guide/nav/prototype.lite.js

codeigniter/user_guide/nav/user_guide_menu.js

codeigniter/user_guide/overview

codeigniter/user_guide/overview/appflow.html

codeigniter/user_guide/overview/at_a_glance.html

codeigniter/user_guide/overview/cheatsheets.html

codeigniter/user_guide/overview/features.html

codeigniter/user_guide/overview/getting_started.html

codeigniter/user_guide/overview/goals.html

codeigniter/user_guide/overview/index.html

codeigniter/user_guide/overview/mvc.html

codeigniter/user_guide/toc.html

codeigniter/user_guide/tutorial

codeigniter/user_guide/tutorial/conclusion.html

codeigniter/user_guide/tutorial/create_news_items.html

codeigniter/user_guide/tutorial/hard_coded_pages.html

codeigniter/user_guide/tutorial/index.html

codeigniter/user_guide/tutorial/news_section.html

codeigniter/user_guide/tutorial/static_pages.html

codeigniter/user_guide/userguide.css

files modified:
codeigniter/application/controllers/admin.php

codeigniter/application/models/admin/admin_model.php

codeigniter/application/views/admin/add_course.php

codeigniter/application/views/admin/add_example.php

codeigniter/application/views/admin/add_page.php

codeigniter/application/views/admin/index.php

codeigniter/application/views/admin/manage_course.php

codeigniter/application/views/admin/manage_example.php

codeigniter/application/views/admin/manage_page.php

codeigniter/application/views/codeviewer/codeviewer.php

codeigniter/css/adminstyle.css

codeigniter/css/codeviewer.css

codeigniter/js/codeviewer.js

Show diffs side-by-side

added added

removed removed

codeigniter/user_guide/general/security.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<head>

<title>Security : CodeIgniter User Guide</title>

</head>

<body>

<div id="nav"><div id="nav_inner"><script type="text/javascript">create_menu('../');</script></div></div>

<tr>

<td><h1>CodeIgniter User Guide Version 2.1.3</h1></td>

<td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>

</tr>

</table>

</div>

<tr>

<a href="http://codeigniter.com/">CodeIgniter Home</a>  › 

<a href="../index.html">User Guide Home</a>  › 

Security

</td>

<td id="searchbox"><form method="get" action="http://www.google.com/search"><input type="hidden" name="as_sitesearch" id="as_sitesearch" value="codeigniter.com/user_guide/" />Search User Guide  <input type="text" class="input" style="width:200px;" name="q" id="q" size="31" maxlength="255" value="" /> <input type="submit" class="submit" name="sa" value="Go" /></form></td>

</tr>

</table>

<h1>Security</h1>

<p>This page describes some "best practices" regarding web security, and details

CodeIgniter's internal security features.</p>

<h2>URI Security</h2>

<p>CodeIgniter is fairly restrictive regarding which characters it allows in your URI strings in order to help

minimize the possibility that malicious data can be passed to your application. URIs may only contain the following:

</p>

<ul>

<li>Alpha-numeric text</li>

<li>Tilde: ~ </li>

<li>Period: .</li>

<li>Colon: :</li>

<li>Underscore: _</li>

</ul>

<h2>Register_globals</h2>

<p>During system initialization all global variables are unset, except those found in the $_GET, $_POST, and $_COOKIE arrays. The unsetting

routine is effectively the same as register_globals = off.</p>

<h2>error_reporting</h2>

<p>

In production environments, it is typically desirable to disable PHP's

error reporting by setting the internal error_reporting flag to a value of 0. This disables native PHP

errors from being rendered as output, which may potentially contain

sensitive information.

</p>

<p>

Setting CodeIgniter's <kbd>ENVIRONMENT</kbd> constant in index.php to a

value of '<kbd>production</kbd>' will turn off these errors. In development

mode, it is recommended that a value of '<kbd>development</kbd>' is used.

More information about differentiating between environments can be found

on the <a href="environments.html">Handling Environments</a> page.

100

</p>

101

102

<h2>magic_quotes_runtime</h2>

103

104

<p>The magic_quotes_runtime directive is turned off during system initialization so that you don't have to remove slashes when

105

retrieving data from your database.</p>

106

107

<h1>Best Practices</h1>

108

109

<p>Before accepting any data into your application, whether it be POST data from a form submission, COOKIE data, URI data,

110

XML-RPC data, or even data from the SERVER array, you are encouraged to practice this three step approach:</p>

111

112

<ol>

113

<li>Filter the data as if it were tainted.</li>

114

<li>Validate the data to ensure it conforms to the correct type, length, size, etc. (sometimes this step can replace step one)</li>

115

<li>Escape the data before submitting it into your database.</li>

116

</ol>

117

118

<p>CodeIgniter provides the following functions to assist in this process:</p>

119

120

<ul>

121

122

<li><h2>XSS Filtering</h2>

123

124

<p>CodeIgniter comes with a Cross Site Scripting filter. This filter looks for commonly

125

used techniques to embed malicious Javascript into your data, or other types of code that attempt to hijack cookies

126

or do other malicious things. The XSS Filter is described <a href="../libraries/security.html">here</a>.

127

</p>

128

</li>

129

130

<li><h2>Validate the data</h2>

131

132

<p>CodeIgniter has a <a href="../libraries/form_validation.html">Form Validation Class</a> that assists you in validating, filtering, and prepping

133

your data.</p>

134

</li>

135

136

<li><h2>Escape all data before database insertion</h2>

137

138

<p>Never insert information into your database without escaping it. Please see the section that discusses

139

<a href="../database/queries.html">queries</a> for more information.</p>

140

141

</li>

142

143

</ul>

144

145

146

147

148

</div>

149

150

151

152

153

<p>

154

Previous Topic:  <a href="alternative_php.html">Alternative PHP</a>

155

156

<a href="#top">Top of Page</a>   ·  

157

<a href="../index.html">User Guide Home</a>   ·  

158

Next Topic:  <a href="styleguide.html">PHP Style Guide</a>

159

</p>

160

161

</div>

162

163

</body>

164

</html>

b'\\ No newline at end of file'

Older »