CodeIgniter框架源码学习之输入类－－ Input.php

最新推荐文章于 2023-03-30 15:00:00 发布

HarcourtFun

最新推荐文章于 2023-03-30 15:00:00 发布

阅读量555

点赞数

分类专栏： CI源码文章标签： codeigniter 框架注释源码

本文链接：https://blog.csdn.net/candydear/article/details/77746231

版权

本文详细介绍了CodeIgniter框架中的核心类Input.php，包括其功能、类结构和主要方法，如GET、POST、COOKIE数据的获取与处理，以及XSS和CSRF防护等。通过对源码的学习，读者可以更深入理解CodeIgniter如何处理用户输入数据，确保应用安全性。

摘要由CSDN通过智能技术生成

  文件位置：./system/core/Input.php 

  <?php 

/**

  * CodeIgniter 

*

  * An open source application development framework for PHP 

*

  * This content is released under the MIT License (MIT) 

*

  * Copyright (c) 2014 - 2017, British Columbia Institute of Technology 

*

  * Permission is hereby granted, free of charge, to any person obtaining a copy 

  * of this software and associated documentation files (the "Software"), to deal 

  * in the Software without restriction, including without limitation the rights 

  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 

  * copies of the Software, and to permit persons to whom the Software is 

  * furnished to do so, subject to the following conditions: 

*

  * The above copyright notice and this permission notice shall be included in 

  * all copies or substantial portions of the Software. 

*

  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 

  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 

  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 

  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 

  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 

  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 

  * THE SOFTWARE. 

*

  * @package CodeIgniter 

  * @author EllisLab Dev Team 

  * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) 

  * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) 

  * @license http://opensource.org/licenses/MIT MIT License 

  * @link https://codeigniter.com 

  * @since Version 1.0.0 

  * @filesource 

*/

  defined('BASEPATH') OR exit('No direct script access allowed'); 

/**

  * Input Class 

*

  * Pre-processes global input data for security 

  * 
 为了安全预处理所有输入数据 

  * @package CodeIgniter 

  * @subpackage Libraries 

  * @category Input 

  * @author EllisLab Dev Team 

  * @link https://codeigniter.com/user_guide/libraries/input.html 

*/

  class CI_Input { 

/**

  * IP address of the current user 

  * 
 当前用户的ip地址 

  * @var string 

*/

  protected $ip_address = FALSE; 

/**

  * Allow GET array flag 

  * 
 允许GET数组 

  * If set to FALSE, then $_GET will be set to an empty array. 

  * 
 如果设置为false，则$_GET将会被设置成空数组 

  * @var bool 

*/

  protected $_allow_get_array = TRUE; 

/**

  * Standardize（标准化） new lines flag 

*

  * If set to TRUE, then newlines are standardized. 

*

  * @var bool 

*/

  protected $_standardize_newlines; 

/**

  * Enable XSS flag 

*

  * Determines whether the XSS filter is always active when 

  * GET, POST or COOKIE data is encountered. 

  * Set automatically based on config setting. 

  * 
 决定是否在遇到GET、POST或者COOKIE数据时总是开启XSS过滤。 

 
 可以在配置文件中设置，就会自动实现 

  * @var bool 

*/

  protected $_enable_xss = FALSE; 

/**

  * Enable CSRF flag 

*

  * Enables a CSRF cookie token to be set. 

  * Set automatically based on config setting. 

  * 
 CSRF的cookie token是否被设置， 
 可以在配置文件中设置，就会自动实现 

  * @var bool 

*/

  protected $_enable_csrf = FALSE; 

/**

  * List of all HTTP request headers 

  * 
 所有的HTTP请求头列表 

  * @var array 

*/

  protected $headers = array(); 

/**

  * Raw input stream data 

  * 
 没处理过的输入数据流 

  * Holds a cache of php://input contents 

*

  * @var string 

*/

  protected $_raw_input_stream; 

/**

  * Parsed input stream data 

  * 
 解析输入流数据 

  * Parsed from php://input at runtime 

*

  * @see CI_Input::input_stream() 

  * @var array 

*/

  protected $_input_stream; 

  protected $security; 

  protected $uni; 

  // -------------------------------------------------------------------- 

/**

  * Class constructor 

*

  * Determines whether to globally enable the XSS processing 

  * and whether to allow the $_GET array. 

*

  * @return void 

*/

  public function __construct() 

{

 
 初始化配置 

  $this->_allow_get_array = (config_item('allow_get_array') === TRUE); 

  $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); 

  $this->_enable_csrf = (config_item('csrf_protection') === TRUE); 

  $this->_standardize_newlines = (bool) config_item('standardize_newlines'); 

  $this->security =& load_class('Security', 'core'); 

  // Do we need the UTF-8 class? 

  if (UTF8_ENABLED === TRUE) 

{

  $this->uni =& load_class('Utf8', 'core'); 

}

  // Sanitize global arrays 

  $this->_sanitize_globals(); 

  // CSRF Protection check 
 CSRF保护检查 

  if ($this->_enable_csrf === TRUE && ! is_cli()) 

{

  $this->security->csrf_verify(); 

}

  log_message('info', 'Input Class Initialized'); 

}

  // -------------------------------------------------------------------- 

/**

  * Fetch from array 

*

  * Internal method used to retrieve values from global arrays. 

  * 
 被用于取全局数组的值的内部方法 

  * @param array &$array $_GET, $_POST, $_COOKIE, $_SERVER, etc. 

关注

专栏目录