version 0.x
Examples Github

Security

Provides security mechanisms used by other modules to detect, prevent, log and block attacks like SQL injection, XSS and CSRF.

CSRF features require the Session module.

Constants

Rules

  • SECURITY_RULE_NOT_NULL The value must be not null, typically used to check whether a parameter has been passed or not. An empty field in a form will not trigger this rule.

  • SECURITY_RULE_NOT_EMPTY The value must not be empty, typically used to check whether a parameter has been passed or not. An empty field in a form will trigger this rule.

  • SECURITY_RULE_INTEGER The value must be an integer (-n to +n without decimals)

  • SECURITY_RULE_POSITIVE The value must be positive (0 to +n)

  • SECURITY_RULE_MAX_VALUE The value must be a number less than or equal the specified value

  • SECURITY_RULE_MIN_VALUE The value must be a number greater than or equal the specified value

  • SECURITY_RULE_MAX_CHARS The value must be less than or equal the specified number of chars

  • SECURITY_RULE_MIN_CHARS The value must be bigger than or equal the specified number of chars

  • SECURITY_RULE_BOOLEAN The value must be either a 0 or a 1

  • SECURITY_RULE_SLUG The value must have the typical URL slug code syntax, containing only numbers and letters from A to Z both lower and uppercase, and -_ characters

  • SECURITY_RULE_URL_SHORT_CODE The value must have the typical URL short code syntax, containing only numbers and letters from A to Z both lower and uppercase

  • SECURITY_RULE_URL_ROUTE The value must have the typical URL slug code syntax, like SECURITY_RULE_SLUG plus the "/" character

  • SECURITY_RULE_LIMITED_VALUES The value must be exactly one of the specified values.

  • SECURITY_RULE_UPLOADED_FILE The value must be a valid uploaded file. A value can be specified that must be an array of keys with setup options for the checkUploadedFile method.

  • SECURITY_RULE_UPLOADED_FILE_IMAGE The value must be an uploaded image. A value can be specified that must be an array of keys with setup options for the checkUploadedFile method.

  • SECURITY_RULE_SQL_INJECTION The value must not contain SQL injection suspicious strings

  • SECURITY_RULE_TYPICAL_ID Same as SECURITY_RULE_NOT_EMPTY + SECURITY_RULE_INTEGER + SECURITY_RULE_POSITIVE

Filters

  • SECURITY_FILTER_XSS The value is purified to try to remove XSS attacks

  • SECURITY_FILTER_STRIP_TAGS HTML tags are removed from the value

  • SECURITY_FILTER_TRIM Spaces at the beginning and at the end of the value are trimmed

  • SECURITY_FILTER_JSON Decodes json data

PreviousPatterns methodsNextSecurity methods

Last updated