Updated Uploadify Upload Class CSRF Tokens Session data The right way . (markdown)

anshul 2012-08-17 02:27:34 -07:00
parent e577c7cae0
commit 621794370b

@ -3,7 +3,7 @@ Recently i had some troubles with the uploadify script and security .So i wrote
STEP 1. I extended the Upload Class as follows :
```php
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
class MY_Upload extends CI_Upload{
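Review bot: the removed and added `<?php if (!defined('BASEPATH')) exit(...)` lines in this hunk are identical as rendered, so the change here is invisible (presumably an entity or whitespace difference the wiki already normalises); a word in the commit message saying this hunk is a markup-only fix would save readers from hunting for a code change in `MY_Upload`.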
@ -79,7 +79,7 @@ What the above method does, is just that allows me to skip the mime type checkin
STEP 2. I created another library to validate the mime type, after the file is uploaded, what this library does, is actually what Upload class would do in normal circumstances and a bit more, you'll see.
```php
&lt;?php if (!defined('BASEPATH')) exit('No direct script access allowed');
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
class Uploadify{
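Review bot: replacing `&lt;?php` with a literal `<?php` is the right fix inside a ```php fence: the wiki would otherwise display the entity text verbatim, and a file copied from the page that begins with `&lt;?php` has no PHP open tag at all, so PHP would serve the whole `Uploadify` library as plain text instead of executing it.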
@ -323,11 +323,11 @@ STEP 3. The uploadify js code :
[removed]
$(function(){
&lt;?php
<?php
$userdata = json_encode($this->session->userdata);
$userdata = $this->encrypt->encode($userdata);
$userdata = base64_encode($userdata);
?&gt;
?>
$("#upload_image").uploadify({
uploader: site.app_url+'/uploadify/uploadify.swf',
script: site.site_url+'process_upload',
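Review bot: the `[removed]` line where the opening `<script>` tag stood shows the wiki stripped the tag, so the published block opens without the element that the later `</ script>` line closes; since this fence is tagged ```php but holds JavaScript with embedded PHP, fencing it as html would keep the tag intact. On the PHP lines, `json_encode($this->session->userdata)` serialises the entire session into the page for the uploader to echo back; encrypting and base64-encoding it hides the contents from the user, but a full copy of session state is still round-tripping through the client, so passing only the fields the upload controller needs and validating them on return would narrow the exposure.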
@ -338,7 +338,7 @@ $("#upload_image").uploadify({
fileExt : '*.jpg;*.png;*.gif',
multi: false,
wmode:'transparent',
scriptData : {userdata:'&lt;?php echo $userdata;?&gt;','token':'&lt;?php echo $token['value'];?&gt;'},
scriptData : {userdata:'<?php echo $userdata;?>','token':'<?php echo $token['value'];?>'},
'onError' : function (a, b, c, d) {
if (d.type === "File Size")
alert&#40;c.name+' '+d.type+' Limit: '+Math.round(d.sizeLimit/1024&#41;+'KB');
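Review bot: the `alert&#40;...&#41;` context line still carries HTML-entity parentheses that this commit does not touch, so the published snippet is still not valid JavaScript; the same de-escaping applied to the `scriptData` line belongs here too, giving `alert(c.name+' '+d.type+' Limit: '+Math.round(d.sizeLimit/1024)+'KB');`. Note also that `scriptData` embeds the CSRF token and the encrypted session blob in the inline script of every page that renders this view, so the view must only ever be served to the authenticated user it belongs to and never cached or shared.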
@ -349,7 +349,7 @@ $("#upload_image").uploadify({
var object = $(event.currentTarget);
var id = event.currentTarget.id;
$.post(site.site_url+'process_upload/process_method',
{filearray: response,token:'&lt;?php echo $token['value'];?&gt;' },function(obj){
{filearray: response,token:'<?php echo $token['value'];?>' },function(obj){
if(obj.result === 'success'){
//Okay, say something nice
}else{
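Review bot: `filearray: response` posts the uploader's JSON response straight back to `process_upload/process_method`, so the file name and path in the second request come from the client rather than from the server's own record of the upload; `process_method` should look the file up itself, or at least re-check that the path is inside the upload directory and re-run the Uploadify mime check, instead of trusting `filearray` as received, because the `token` only shows the request came from this page, not that the payload is unchanged.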
@ -359,14 +359,14 @@ $("#upload_image").uploadify({
}
});
});
&lt;/ script&gt;
</ script>
```
So this code, will first send the file to be processed to the process_upload
controller,the process_upload controller will load the Uploadify library and will do the checks, if everything will be okay, will post the filearray variable to process_method method from process_upload controller :
```php
&lt;?php if(! defined('BASEPATH')) exit('No direct script access allowed') ;
<?php if(! defined('BASEPATH')) exit('No direct script access allowed') ;
class Process_upload extends MY_Controller{
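Review bot: the closing tag keeps the stray space from the old line, so `</ script>` is still wrong after this hunk; an HTML parser does not treat `</ script>` as the end tag of a script element, so everything that follows is swallowed into the script, and the line should read `</script>`.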
@ -422,7 +422,7 @@ STEP 4. During this example, we used a token algorithm, for avoiding CSRF attack
$this->session->set_userdata($token_data);
return array(
'value' => $token,
'input' => '&lt;input type="hidden" name="token" id="token" value="'.$token.'"/&gt;'
'input' => '<input type="hidden" name="token" id="token" value="'.$token.'"/>'
);
}
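Review bot: the hidden `<input ... value="'.$token.'"/>` is assembled by string concatenation with no attribute escaping, which is safe only while `$token` is guaranteed to contain no quotes or angle brackets (the generation code sits outside this hunk); either document that constraint next to the function or pass the value through CodeIgniter's `html_escape()` (or `htmlspecialchars()`) so the safety does not depend on how the token happens to be generated later.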
@ -451,7 +451,7 @@ Once you set your token, it can be accessible in your views with $token['input']
Same token algorithm can be used into your forms as follows :
```php
<?php
function my_form_template()
{
if(!empty($_POST))
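Review bot: the hunk is cut off right after `if(!empty($_POST))`, so the token comparison this form template is meant to demonstrate is not visible here; the branch must compare the posted `token` against the value kept in the session via `$this->session->userdata(...)` and reject the submission before doing any work, because a non-empty `$_POST` on its own says nothing about where the request originated.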