This is documentation for Kohana v2.3.x.

Table of Contents
StatusDraft
Tododocument xss_clean

Input Library

The input library is useful for two things: - pre-process global input for security - provide some useful functions for retrieving input data

Note:

Loading the library

This library is automatically loaded by the controller so you don't need to load it yourself. It is accessed by $this→input in the controller scope.

Methods

get()

allows you to retrieve GET variables. if global XSS filtering is on (config) then data returned by this function will be filtered.

$this→input→get($key = array(), $default = NULL, $xss_clean = FALSE) 

//URL is http://www.example.com/index.php?articleId=123&file=text.txt
//Note that print statements are for documentation purpose only
 
print Kohana::debug($this->input->get());
print Kohana::debug($this->input->get('file'));

It will result in HTML as: 

Array
(
    [articleId] => 123
    [file] => text.txt
)
 
text.txt

You can also pass a default value and manually XSS clean the request by passing parameters. 

$this->input->get('file','default_value'); //'default_value' is the default value if the key doesn't exist.
$this->input->get('file',null,true); //manually apply XSS clean

post()

allows you to retrieve POST variables. if global XSS filtering is on (config) then data returned by this function will be filtered.

$this→input→post($key = array(), $default = NULL, $xss_clean = FALSE) 

//POST variables are articleId=123 and file=text.txt
//Note that print statements are for documentation purpose only
 
print Kohana::debug($this->input->post());
print Kohana::debug($this->input->post('file'));

It will result in HTML as: 

Array
(
    [articleId] => 123
    [file] => text.txt
)
 
text.txt

You can also pass a default value and manually XSS clean the request by passing parameters. 

$this->input->post('file','default_value'); //'default_value' is the default value if the key doesn't exist.
$this->input->post('file',null,true); //manually apply XSS clean

cookie()

allows you to retrieve COOKIE variables. if global XSS filtering is on (config) then data returned by this function will be filtered. 

//COOKIE name is "username" and the contents of this cookie is "aart-jan".
//Note that print statements are for documentation purpose only
 
print Kohana::debug($this->input->cookie());
print Kohana::debug($this->input->cookie('username'));

It will result in HTML as: 

Array
(
    [username] => aart-jan
)
aart-jan

You can also pass a default value and manually XSS clean the request by passing parameters. 

$this->input->cookie('username','default_value'); //'default_value' is the default value if the key doesn't exist.
$this->input->cookie('username',null,true); //manually apply XSS clean

server()

allows you to retrieve SERVER variables. if global XSS filtering is on (config) then data returned by this function will be filtered. An overview of these variables can be found in the php documentation 

//Note that print statements are for documentation purpose only
print Kohana::debug($this->input->server('HTTP_HOST')); //this example ran on a local server

It will result in HTML as: 

localhost

You can also pass a default value and manually XSS clean the request by passing parameters. 

$this->input->server('HTTP_HOST','default_value'); //'default_value' is the default value if the key doesn't exist.
$this->input->server('HTTP_HOST',null,true); //manually apply XSS clean

ip_address()

'ip_address' returns the IP-address of the user visiting using your webapplication. It returns '0.0.0.0' if there's no IP. 

print $this->input->ip_address(); //this example ran on a local server

It will result in HTML as: 

127.0.0.1

valid_ip()

'valid_ip' will check whether the specified IP is a valid IPV4 ip-address according to the RFC specifications.

This function is identical to the IP address validation helper.

xss_clean()

allows you to clean a string to make sure it is safe. 

echo $this->input->xss_clean($suspect_input);