Security
Provides security mechanisms used by other modules to detect, prevent, log and block attacks like SQL injection, XSS and CSRF.
CSRF features require the Session module.

  • SECURITY_RULE_NOT_NULL The value must be not null, typically used to check whether a parameter has been passed or not. An empty field in a form will not trigger this rule.
  • SECURITY_RULE_NOT_EMPTY The value must not be empty, typically used to check whether a parameter has been passed or not. An empty field in a form will trigger this rule.
  • SECURITY_RULE_INTEGER The value must be an integer (-n to +n without decimals)
  • SECURITY_RULE_POSITIVE The value must be positive (0 to +n)
  • SECURITY_RULE_MAX_VALUE The value must be a number less than or equal the specified value
  • SECURITY_RULE_MIN_VALUE The value must be a number greater than or equal the specified value
  • SECURITY_RULE_MAX_CHARS The value must be less than or equal the specified number of chars
  • SECURITY_RULE_MIN_CHARS The value must be bigger than or equal the specified number of chars
  • SECURITY_RULE_BOOLEAN The value must be either a 0 or a 1
  • SECURITY_RULE_SLUG The value must have the typical URL slug code syntax, containing only numbers and letters from A to Z both lower and uppercase, and -_ characters
  • SECURITY_RULE_URL_SHORT_CODE The value must have the typical URL short code syntax, containing only numbers and letters from A to Z both lower and uppercase
  • SECURITY_RULE_URL_ROUTE The value must have the typical URL slug code syntax, like SECURITY_RULE_SLUG plus the "/" character
  • SECURITY_RULE_LIMITED_VALUES The value must be exactly one of the specified values.
  • SECURITY_RULE_UPLOADED_FILE The value must be a valid uploaded file. A value can be specified that must be an array of keys with setup options for the checkUploadedFile method.
  • SECURITY_RULE_UPLOADED_FILE_IMAGE The value must be an uploaded image. A value can be specified that must be an array of keys with setup options for the checkUploadedFile method.
  • SECURITY_RULE_SQL_INJECTION The value must not contain SQL injection suspicious strings
  • SECURITY_RULE_TYPICAL_ID Same as SECURITY_RULE_NOT_EMPTY + SECURITY_RULE_INTEGER + SECURITY_RULE_POSITIVE

  • SECURITY_FILTER_XSS The value is purified to try to remove XSS attacks
  • SECURITY_FILTER_STRIP_TAGS HTML tags are removed from the value
  • SECURITY_FILTER_TRIM Spaces at the beginning and at the end of the value are trimmed
  • SECURITY_FILTER_JSON Decodes json data

Copy link
On this page
Constants
Rules
Filters