Modules

  1. Kohana
    2. Debug
    3. HTTP_Cache
    4. I18n
    5. Kohana
    6. Kohana_Config_Writer
    7. Kohana_Core
    8. Request
    9. Request_Client
    10. Request_Client_Curl
    11. Request_Client_External
    12. Request_Client_HTTP
    13. Request_Client_Internal
    14. Request_Client_Stream
    15. Response
    16. Route
    17. UTF8
    18. View
    19. +Configuration
      1. Config
      2. Config_File
      3. Config_Group
      4. Kohana_Config_File_Reader
      5. Kohana_Config_Reader
      6. Kohana_Config_Source
    20. +Controller
      1. Controller
      2. Controller_Template
      3. Controller_Welcome
    21. +Exceptions
      1. HTTP_Exception
      2. HTTP_Exception_400
      3. HTTP_Exception_401
      4. HTTP_Exception_402
      5. HTTP_Exception_403
      6. HTTP_Exception_404
      7. HTTP_Exception_405
      8. HTTP_Exception_406
      9. HTTP_Exception_407
      10. HTTP_Exception_408
      11. HTTP_Exception_409
      12. HTTP_Exception_410
      13. HTTP_Exception_411
      14. HTTP_Exception_412
      15. HTTP_Exception_413
      16. HTTP_Exception_414
      17. HTTP_Exception_415
      18. HTTP_Exception_416
      19. HTTP_Exception_417
      20. HTTP_Exception_500
      21. HTTP_Exception_501
      22. HTTP_Exception_502
      23. HTTP_Exception_503
      24. HTTP_Exception_504
      25. HTTP_Exception_505
      26. Kohana_Exception
      27. Request_Exception
      28. Session_Exception
      29. UTF8_Exception
      30. Validation_Exception
      31. View_Exception
    22. +HTTP
      1. HTTP
      2. HTTP_Header
      3. HTTP_Message
      4. HTTP_Request
      5. HTTP_Response
    23. +Helpers
      1. Arr
      2. CLI
      3. Cookie
      4. Date
      5. Feed
      6. File
      7. Form
      8. Fragment
      9. HTML
      10. Inflector
      11. Num
      12. Profiler
      13. Text
      14. URL
      15. Upload
    24. +Logging
      1. Log
      2. Log_File
      3. Log_StdErr
      4. Log_StdOut
      5. Log_Syslog
      6. Log_Writer
    25. +Models
      1. Model
    26. Security
      1. Encrypt
      2. Security
      3. Valid
      4. Validation
    27. +Session
      1. Session
      2. Session_Cookie
      3. Session_Native
  2. +Kohana/Auth
    2. Auth
    3. Auth_File
    4. Auth_ORM
    5. Model_Auth_Role
    6. Model_Auth_User
    7. Model_Auth_User_Token
    8. Model_Role
    9. Model_User
    10. Model_User_Token
  3. +Kohana/Cache
    2. Cache
    3. Cache_Apc
    4. Cache_Arithmetic
    5. Cache_Exception
    6. Cache_File
    7. Cache_GarbageCollect
    8. Cache_Memcache
    9. Cache_MemcacheTag
    10. Cache_Sqlite
    11. Cache_Tagging
    12. Cache_Wincache
  4. +Kohana/Codebench
    2. Codebench
    3. +Controllers
      1. Controller_Codebench
    4. +Tests
      1. Bench_ArrCallback
      2. Bench_AutoLinkEmails
      3. Bench_DateSpan
      4. Bench_ExplodeLimit
      5. Bench_GruberURL
      6. Bench_LtrimDigits
      7. Bench_MDDoBaseURL
      8. Bench_MDDoImageURL
      9. Bench_MDDoIncludeViews
      10. Bench_StripNullBytes
      11. Bench_Transliterate
      12. Bench_URLSite
      13. Bench_UserFuncArray
      14. Bench_ValidColor
      15. Bench_ValidURL
  5. +Kohana/Database
    2. DB
    3. Database
    4. Database_Expression
    5. +Configuration
      1. Config_Database
      2. Config_Database_Reader
      3. Config_Database_Writer
    6. +Drivers
      1. Database_MySQL
      2. Database_PDO
    7. +Exceptions
      1. Database_Exception
    8. +Models
      1. Model_Database
    9. +Query
      1. Database_Query
      2. Database_Query_Builder
      3. Database_Query_Builder_Delete
      4. Database_Query_Builder_Insert
      5. Database_Query_Builder_Join
      6. Database_Query_Builder_Select
      7. Database_Query_Builder_Update
      8. Database_Query_Builder_Where
    10. +Query/Result
      1. Database_MySQL_Result
      2. Database_Result
      3. Database_Result_Cached
    11. +Session
      1. Session_Database
  6. +Kohana/Image
    2. Image
    3. +Drivers
      1. Image_GD
      2. Image_Imagick
  7. +Kohana/ORM
    2. ORM
    3. ORM_Validation_Exception
  8. +Kohana/UnitTest
    2. Unittest_Database_TestCase
    3. Unittest_Tests
  9. +Kohana/Userguide
    2. Kodoc
    3. Kodoc_Class
    4. Kodoc_Markdown
    5. Kodoc_Method
    6. Kodoc_Method_Param
    7. Kodoc_Property
    8. +Controllers
      1. Controller_Userguide
    9. +Undocumented
      1. Kodoc_Missing
  10. +[Unknown]
    2. Unittest_Helpers
    3. Unittest_TestCase
    4. Unittest_TestSuite

Security
extends Kohana_Security

Security helper class.

package
Kohana
category
Security
author
Kohana Team
copyright
© 2007-2012 Kohana Team
license
http://kohanaframework.org/license

Class declared in SYSPATH/classes/security.php on line 3.

Constants

  • None

Properties

Methods

Properties

public static string $token_name

key name used for token storage

string(14) "security_token"

Methods

public static check( string $token ) (defined in Kohana_Security)

Check that the given token matches the currently stored security token.

?
if (Security::check($token))
{
    // Pass
}

Parameters

  • string $token required - Token to check

Tags

Return Values

  • boolean

Source Code

?
public static function check($token)
{
    return Security::token() === $token;
}

public static encode_php_tags( string $str ) (defined in Kohana_Security)

Encodes PHP tags in a string.

?
$str = Security::encode_php_tags($str);

Parameters

  • string $str required - String to sanitize

Return Values

  • string

Source Code

?
public static function encode_php_tags($str)
{
    return str_replace(array('<?', '?>'), array('&lt;?', '?&gt;'), $str);
}

public static strip_image_tags( string $str ) (defined in Kohana_Security)

Remove image tags from a string.

?
$str = Security::strip_image_tags($str);

Parameters

  • string $str required - String to sanitize

Return Values

  • string

Source Code

?
public static function strip_image_tags($str)
{
    return preg_replace('#<img\s.*?(?:src\s*=\s*["\']?([^"\'<>\s]*)["\']?[^>]*)?>#is', '$1', $str);
}

public static token( [ boolean $new = bool FALSE ] ) (defined in Kohana_Security)

Generate and store a unique token which can be used to help prevent CSRF attacks.

?
$token = Security::token();

You can insert this token into your forms as a hidden field:

?
echo Form::hidden('csrf', Security::token());

And then check it when using Validation:

?
$array->rules('csrf', array(
    'not_empty'       => NULL,
    'Security::check' => NULL,
));

This provides a basic, but effective, method of preventing CSRF attacks.

Parameters

  • boolean $new = bool FALSE - Force a new token to be generated?

Tags

Return Values

  • string

Source Code

?
public static function token($new = FALSE)
{
    $session = Session::instance();
 
    // Get the current token
    $token = $session->get(Security::$token_name);
 
    if ($new === TRUE OR ! $token)
    {
        // Generate a new unique token
        $token = sha1(uniqid(NULL, TRUE));
 
        // Store the new token
        $session->set(Security::$token_name, $token);
    }
 
    return $token;
}