Security
Provides security mechanisms used by other modules to detect, prevent, log and block attacks like SQL injection, XSS and CSRF.
CSRF features require the Session module.
Constants
Rules
SECURITY_RULE_NOT_NULLThe value must be not null, typically used to check whether a parameter has been passed or not. An empty field in a form will not trigger this rule.SECURITY_RULE_NOT_EMPTYThe value must not be empty, typically used to check whether a parameter has been passed or not. An empty field in a form will trigger this rule.SECURITY_RULE_INTEGERThe value must be an integer (-n to +n without decimals)SECURITY_RULE_POSITIVEThe value must be positive (0 to +n)SECURITY_RULE_MAX_VALUEThe value must be a number less than or equal the specified valueSECURITY_RULE_MIN_VALUEThe value must be a number greater than or equal the specified valueSECURITY_RULE_MAX_CHARSThe value must be less than or equal the specified number of charsSECURITY_RULE_MIN_CHARSThe value must be bigger than or equal the specified number of charsSECURITY_RULE_BOOLEANThe value must be either a 0 or a 1SECURITY_RULE_SLUGThe value must have the typical URL slug code syntax, containing only numbers and letters from A to Z both lower and uppercase, and -_ charactersSECURITY_RULE_URL_SHORT_CODEThe value must have the typical URL short code syntax, containing only numbers and letters from A to Z both lower and uppercaseSECURITY_RULE_URL_ROUTEThe value must have the typical URL slug code syntax, likeSECURITY_RULE_SLUGplus the "/" characterSECURITY_RULE_LIMITED_VALUESThe value must be exactly one of the specified values.SECURITY_RULE_UPLOADED_FILEThe value must be a valid uploaded file. A value can be specified that must be an array of keys with setup options for the checkUploadedFile method.SECURITY_RULE_UPLOADED_FILE_IMAGEThe value must be an uploaded image. A value can be specified that must be an array of keys with setup options for the checkUploadedFile method.SECURITY_RULE_SQL_INJECTIONThe value must not contain SQL injection suspicious stringsSECURITY_RULE_TYPICAL_IDSame asSECURITY_RULE_NOT_EMPTY+SECURITY_RULE_INTEGER+SECURITY_RULE_POSITIVE
Filters
SECURITY_FILTER_XSSThe value is purified to try to remove XSS attacksSECURITY_FILTER_STRIP_TAGSHTML tags are removed from the valueSECURITY_FILTER_TRIMSpaces at the beginning and at the end of the value are trimmedSECURITY_FILTER_JSONDecodes json data
Last updated