Security

Provides security mechanisms used by other modules to detect, prevent, log and block attacks like SQL injection, XSS and CSRF.

CSRF features require the Session module.

Constants

Rules

  • SECURITY_RULE_NOT_NULL The value must be not null, typically used to check whether a parameter has been passed or not. An empty field in a form will not trigger this rule.

  • SECURITY_RULE_NOT_EMPTY The value must not be empty, typically used to check whether a parameter has been passed or not. An empty field in a form will trigger this rule.

  • SECURITY_RULE_INTEGER The value must be an integer (-n to +n without decimals)

  • SECURITY_RULE_POSITIVE The value must be positive (0 to +n)

  • SECURITY_RULE_MAX_VALUE The value must be a number less than or equal the specified value

  • SECURITY_RULE_MIN_VALUE The value must be a number greater than or equal the specified value

  • SECURITY_RULE_MAX_CHARS The value must be less than or equal the specified number of chars

  • SECURITY_RULE_MIN_CHARS The value must be bigger than or equal the specified number of chars

  • SECURITY_RULE_BOOLEAN The value must be either a 0 or a 1

  • SECURITY_RULE_SLUG The value must have the typical URL slug code syntax, containing only numbers and letters from A to Z both lower and uppercase, and -_ characters

  • SECURITY_RULE_URL_SHORT_CODE The value must have the typical URL short code syntax, containing only numbers and letters from A to Z both lower and uppercase

  • SECURITY_RULE_URL_ROUTE The value must have the typical URL slug code syntax, like SECURITY_RULE_SLUG plus the "/" character

  • SECURITY_RULE_LIMITED_VALUES The value must be exactly one of the specified values.

  • SECURITY_RULE_UPLOADED_FILE The value must be a valid uploaded file. A value can be specified that must be an array of keys with setup options for the checkUploadedFile method.

  • SECURITY_RULE_UPLOADED_FILE_IMAGE The value must be an uploaded image. A value can be specified that must be an array of keys with setup options for the checkUploadedFile method.

  • SECURITY_RULE_SQL_INJECTION The value must not contain SQL injection suspicious strings

  • SECURITY_RULE_TYPICAL_ID Same as SECURITY_RULE_NOT_EMPTY + SECURITY_RULE_INTEGER + SECURITY_RULE_POSITIVE

Filters

  • SECURITY_FILTER_XSS The value is purified to try to remove XSS attacks

  • SECURITY_FILTER_STRIP_TAGS HTML tags are removed from the value

  • SECURITY_FILTER_TRIM Spaces at the beginning and at the end of the value are trimmed

  • SECURITY_FILTER_JSON Decodes json data

Last updated