Sanitizes data so that Cross Site Scripting Hacks can be
prevented. This method does a fair amount of work but
it is extremely thorough, designed to prevent even the
most obscure XSS attempts. Nothing is ever 100% foolproof,
of course, but I haven't been able to get anything past
the filter.
Note: Should only be used to deal with data upon submission.
It's not something that should be used for general
runtime processing, and it does not replace escaping the
data for the context in which it is later output.
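/**
 * Copy POSTed string values onto a model object through its setters.
 *
 * For every name in $fieldNames that is a declared property of the class named by
 * $this->ModelName, the POST value stored under the lower-cased field name is run
 * through $this->security->xss_clean() and addslashes(), then handed to
 * $object->set<FieldName>(). Nothing happens when $this->ModelName is unset or empty,
 * when the class does not exist, or when $fieldNames is not a non-empty array.
 *
 * NOTE(review): the value is filtered and backslash-escaped at input time. If the
 * setters feed a database layer, addslashes() is not charset-aware and is not a
 * substitute for bound parameters; if they feed HTML, the value still needs escaping
 * for the output context. How the setters use the value is not visible here - confirm.
 *
 * NOTE(review): the setter is called without a method_exists() check, so a property
 * without a matching set<FieldName>() method fails at the call.
 *
 * @param object $object     Model instance whose set<FieldName>() methods receive the values.
 * @param array  $fieldNames Property names to copy; each is lower-cased to form the POST key.
 * @return void
 */
protected function setStringDataFromPost(&$object, $fieldNames)
{
    // isset() already rules out NULL, so only the empty string is left to reject.
    if (!isset($this->ModelName) || $this->ModelName === '') {
        return;
    }

    if (!is_array($fieldNames) || count($fieldNames) === 0) {
        return;
    }

    // The model class is the same for every field, so resolve it once.
    if (!class_exists($this->ModelName)) {
        return;
    }

    foreach ($fieldNames as $fieldName) {
        if (!property_exists($this->ModelName, $fieldName)) {
            continue;
        }

        $raw = $this->input->post(strtolower($fieldName));

        // The request body is client-controlled and a field may arrive in array form
        // (presumably post() returns it as an array - confirm). addslashes() accepts
        // only strings and raises a TypeError on PHP 8 for an array, so such a field
        // is skipped rather than allowed to abort the request.
        if (is_array($raw)) {
            continue;
        }

        // The cast keeps a missing field (NULL) mapping to '' as before, without
        // passing NULL to addslashes().
        $value = addslashes((string) $this->security->xss_clean($raw));
        $object->{'set' . $fieldName}($value);
    }
}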
/**
 * Get Request Header
 *
 * Looks up one request header by name, ignoring case. The lower-cased copy of
 * $this->headers is built on the first call and kept in a function-level static,
 * so later calls reuse it.
 *
 * Header values come from the client. With $xss_clean left at FALSE the stored value
 * is returned exactly as held in $this->headers, so callers must treat it as
 * untrusted input.
 *
 * @param	string	$index		Header name
 * @param	bool	$xss_clean	Whether to apply XSS filtering (only the literal TRUE enables it)
 * @return	string|null	The requested header on success or NULL on failure
 */
public function get_request_header($index, $xss_clean = FALSE)
{
    static $headers;

    if (!isset($headers)) {
        // Populate $this->headers on demand before indexing it.
        if (empty($this->headers)) {
            $this->request_headers();
        }

        foreach ($this->headers as $name => $content) {
            $headers[strtolower($name)] = $content;
        }
    }

    $lookup = strtolower($index);

    if (!isset($headers[$lookup])) {
        return NULL;
    }

    if ($xss_clean === TRUE) {
        return $this->security->xss_clean($headers[$lookup]);
    }

    return $headers[$lookup];
}