CodeIgniter Framework Source Code Study: The Input Class -- Input.php

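This article walks through Input.php, a core class of the CodeIgniter framework, covering its purpose, class structure and main methods, such as retrieving and processing GET, POST and COOKIE data, as well as XSS and CSRF protection. By studying the source, readers can gain a deeper understanding of how CodeIgniter handles user input to keep applications secure.
Summary generated by CSDN using intelligent technology.
File location: ./system/core/Input.php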
<?php
/**
* CodeIgniter
*
* An open source application development framework for PHP
*
* This content is released under the MIT License (MIT)
*
* Copyright (c) 2014 - 2017, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
* @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 1.0.0
* @filesource
*/
defined('BASEPATH') OR exit('No direct script access allowed');

/**
* Input Class
*
* Pre-processes global input data for security
* @package CodeIgniter
* @subpackage Libraries
* @category Input
* @author EllisLab Dev Team
* @link https://codeigniter.com/user_guide/libraries/input.html
*/
class CI_Input {

    /**
     * IP address of the current user
     *
     * @var string
     */
    protected $ip_address = FALSE;

    /**
     * Allow GET array flag
     *
     * If set to FALSE, then $_GET will be set to an empty array.
     *
     * @var bool
     */
    protected $_allow_get_array = TRUE;

    /**
     * Standardize new lines flag
     *
     * If set to TRUE, then newlines are standardized.
     *
     * @var bool
     */
    protected $_standardize_newlines;

    /**
     * Enable XSS flag
     *
     * Determines whether the XSS filter is always active when
     * GET, POST or COOKIE data is encountered.
     * Set automatically based on config setting.
     *
     * @var bool
     */
    protected $_enable_xss = FALSE;

    /**
     * Enable CSRF flag
     *
     * Enables a CSRF cookie token to be set.
     * Set automatically based on config setting.
     *
     * @var bool
     */
    protected $_enable_csrf = FALSE;

    /**
     * List of all HTTP request headers
     *
     * @var array
     */
    protected $headers = array();

    /**
     * Raw input stream data
     *
     * Holds a cache of php://input contents
     *
     * @var string
     */
    protected $_raw_input_stream;

    /**
     * Parsed input stream data
     *
     * Parsed from php://input at runtime
     *
     * @see CI_Input::input_stream()
     * @var array
     */
    protected $_input_stream;

    protected $security;
    protected $uni;

    // --------------------------------------------------------------------

    /**
     * Class constructor
     *
     * Determines whether to globally enable the XSS processing
     * and whether to allow the $_GET array.
     *
     * @return void
     */
    public function __construct()
    {
        // Initialize configuration
        $this->_allow_get_array = (config_item('allow_get_array') === TRUE);
        $this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
        $this->_enable_csrf = (config_item('csrf_protection') === TRUE);
        $this->_standardize_newlines = (bool) config_item('standardize_newlines');

        $this->security =& load_class('Security', 'core');

        // Do we need the UTF-8 class?
        if (UTF8_ENABLED === TRUE)
        {
            $this->uni =& load_class('Utf8', 'core');
        }

        // Sanitize global arrays
        $this->_sanitize_globals();

        // CSRF Protection check
        if ($this->_enable_csrf === TRUE && ! is_cli())
        {
            $this->security->csrf_verify();
        }

        log_message('info', 'Input Class Initialized');
    }

    // --------------------------------------------------------------------

    /**
     * Fetch from array
     *
     * Internal method used to retrieve values from global arrays.
     *
     * @param array &$array $_GET, $_POST, $_COOKIE, $_SERVER, etc.
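
The constructor shown above enables `_allow_get_array`, `_enable_xss` and `_enable_csrf` only when the config value is strictly boolean `TRUE`, while `standardize_newlines` is cast with `(bool)`. The following is an added example, not part of the original article or of CodeIgniter: `audit_input_flags()` is a hypothetical helper and the sample config is constructed, showing how a truthy but non-boolean setting leaves `csrf_verify()` uncalled.

```php
<?php
// Added example: models the flag evaluation in CI_Input::__construct().
// audit_input_flags() is a hypothetical helper, not a CodeIgniter function.
function audit_input_flags(array $config)
{
    // These three settings are compared with === TRUE in the constructor.
    $strict = array('allow_get_array', 'global_xss_filtering', 'csrf_protection');
    $flags = array();
    $warnings = array();

    foreach ($strict as $key)
    {
        $value = isset($config[$key]) ? $config[$key] : NULL;
        $flags[$key] = ($value === TRUE);

        // Truthy but not boolean TRUE: the setting looks "on", the flag is FALSE.
        if ($value && $value !== TRUE)
        {
            $warnings[] = sprintf('%s is %s, not boolean TRUE: flag stays FALSE',
                $key, var_export($value, TRUE));
        }
    }

    // standardize_newlines is the only setting cast with (bool).
    $newlines = isset($config['standardize_newlines']) ? $config['standardize_newlines'] : NULL;
    $flags['standardize_newlines'] = (bool) $newlines;

    return array($flags, $warnings);
}

// Constructed sample configuration values.
$sample = array(
    'allow_get_array'      => TRUE,
    'global_xss_filtering' => FALSE,
    'csrf_protection'      => 'TRUE', // string, so $_enable_csrf would be FALSE
    'standardize_newlines' => 1,      // truthy, so (bool) makes it TRUE
);

list($flags, $warnings) = audit_input_flags($sample);
var_dump($flags);
foreach ($warnings as $warning)
{
    echo $warning, PHP_EOL;
}
```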