xss_clean() 공개 메소드

Sanitizes data so that Cross Site Scripting Hacks can be prevented. This method does a fair amount of work but it is extremely thorough, designed to prevent even the most obscure XSS attempts. Nothing is ever 100% foolproof, of course, but I haven't been able to get anything past the filter. Note: Should only be used to deal with data upon submission. It's not something that should be used for general runtime processing.
public xss_clean ( string | string[] $str, boolean $is_image = FALSE ) : string
$str string | string[] Input data
$is_image boolean Whether the input is an image
리턴 string
예제 #1
 /**
  * Copy POSTed string fields onto a model object through its setters.
  *
  * For every name in $fieldNames that is a declared property of the class
  * named by $this->ModelName, the POST value stored under the lower-cased
  * field name is passed through xss_clean() and addslashes(), then handed
  * to $object->set<FieldName>().
  *
  * Nothing happens when $this->ModelName is unset, NULL or '', or when
  * $fieldNames is not a non-empty array.
  *
  * NOTE(review): xss_clean() filters input on submission; it is not a
  * substitute for escaping the stored value for the context in which it is
  * later rendered.
  * NOTE(review): addslashes() is not a SQL injection defence. If these values
  * reach a query, bound parameters / the query builder should do the
  * escaping; presumably the backslashes added here are then stored
  * literally - confirm against the persistence layer.
  *
  * @param object $object     Model instance that receives the values (taken by reference)
  * @param array  $fieldNames Property names to populate; each one selects the setter
  *                           that is called, so the list should be fixed by the caller
  *                           and never derived from request data
  * @return void
  */
 protected function setStringDataFromPost(&$object, $fieldNames)
 {
     // Guard: a usable model class name is required.
     if (!isset($this->ModelName) || is_null($this->ModelName) || $this->ModelName === '') {
         return;
     }

     // Guard: only a non-empty array of field names is processed.
     if (!is_array($fieldNames) || count($fieldNames) === 0) {
         return;
     }

     foreach ($fieldNames as $fieldName) {
         // Only declared properties of the model class are populated, which
         // keeps the dynamic setter call below tied to the model's own fields.
         if (!class_exists($this->ModelName) || !property_exists($this->ModelName, $fieldName)) {
             continue;
         }

         // The POST key is the lower-cased property name.
         $postKey = strtolower($fieldName);
         $submitted = $this->input->post($postKey);

         // Input-side XSS filter first, then the backslash quoting.
         $filtered = $this->security->xss_clean($submitted);
         $setter = 'set' . $fieldName;
         $object->{$setter}(addslashes($filtered));
     }
 }
예제 #2
 /**
  * Get Request Header
  *
  * Looks up one request header by name, case-insensitively. On first use the
  * entries of $this->headers (loaded through request_headers() when empty)
  * are copied into a function-static array keyed by lower-cased name, and
  * later lookups read from that array.
  *
  * Header values are supplied by the client. With $xss_clean left at its
  * default of FALSE the value is returned exactly as received, so the caller
  * has to validate it and escape it for whatever context it is written into
  * (HTML, logs, redirects). Passing TRUE applies the XSS filter only; it is
  * not a replacement for that contextual escaping.
  *
  * @param	string		$index		Header name
  * @param	bool		$xss_clean	Whether to apply XSS filtering (strictly TRUE enables it)
  * @return	string|null	The requested header on success or NULL on failure
  */
 public function get_request_header($index, $xss_clean = FALSE)
 {
     static $headers;

     if (!isset($headers)) {
         // Populate $this->headers lazily if nothing has been parsed yet.
         if (empty($this->headers)) {
             $this->request_headers();
         }

         // Normalise names to lower case so lookups ignore case.
         foreach ($this->headers as $name => $content) {
             $headers[strtolower($name)] = $content;
         }
     }

     $lookup = strtolower($index);

     if (!isset($headers[$lookup])) {
         return NULL;
     }

     $found = $headers[$lookup];

     // Strict comparison: only boolean TRUE turns the filter on.
     if ($xss_clean === TRUE) {
         return $this->security->xss_clean($found);
     }

     return $found;
 }