<!DOCTYPE html>
< html class = "writer-html5" lang = "en" >
< head >
< meta charset = "utf-8" / > < meta name = "generator" content = "Docutils 0.17.1: http://docutils.sourceforge.net/" / >
< meta name = "viewport" content = "width=device-width, initial-scale=1.0" / >
< title > Upgrade Security — CodeIgniter 4.3.1 documentation< / title >
< link rel = "stylesheet" href = "../_static/pygments.css" type = "text/css" / >
< link rel = "stylesheet" href = "../_static/css/citheme.css" type = "text/css" / >
< link rel = "shortcut icon" href = "../_static/favicon.ico" / >
<!-- [if lt IE 9]>
< script src = "../_static/js/html5shiv.min.js" > < / script >
<![endif]-->
< script data-url_root = "../" id = "documentation_options" src = "../_static/documentation_options.js" > < / script >
< script src = "../_static/jquery.js" > < / script >
< script src = "../_static/underscore.js" > < / script >
< script src = "../_static/doctools.js" > < / script >
< script src = "../_static/js/citheme.js" > < / script >
< script src = "../_static/js/carbon.js" > < / script >
< script src = "../_static/js/theme.js" > < / script >
< link rel = "index" title = "Index" href = "../genindex.html" / >
< link rel = "search" title = "Search" href = "../search.html" / >
< link rel = "next" title = "Upgrade Sessions" href = "upgrade_sessions.html" / >
< link rel = "prev" title = "Upgrade Routing" href = "upgrade_routing.html" / >
< / head >
< body class = "wy-body-for-nav" >
< div class = "wy-grid-for-nav" >
< section data-toggle = "wy-nav-shift" class = "wy-nav-content-wrap" >
< div class = "wy-nav-content" >
< div class = "rst-content" >
< div role = "main" class = "document" itemscope = "itemscope" itemtype = "http://schema.org/Article" >
< div itemprop = "articleBody" >
< section id = "upgrade-security" >
< h1 > Upgrade Security< a class = "headerlink" href = "#upgrade-security" title = "Permalink to this headline" > < / a > < / h1 >
< div class = "contents local topic" id = "contents" >
< ul class = "simple" >
< li > < p > < a class = "reference internal" href = "#documentations" id = "id1" > Documentation< / a > < / p > < / li >
< li > < p > < a class = "reference internal" href = "#what-has-been-changed" id = "id2" > What has been changed< / a > < / p > < / li >
< li > < p > < a class = "reference internal" href = "#upgrade-guide" id = "id3" > Upgrade Guide< / a > < / p > < / li >
< li > < p > < a class = "reference internal" href = "#code-example" id = "id4" > Code Example< / a > < / p >
< ul >
< li > < p > < a class = "reference internal" href = "#codeigniter-version-3-x" id = "id5" > CodeIgniter Version 3.x< / a > < / p > < / li >
< li > < p > < a class = "reference internal" href = "#codeigniter-version-4-x" id = "id6" > CodeIgniter Version 4.x< / a > < / p > < / li >
< / ul >
< / li >
< / ul >
< / div >
< section id = "documentations" >
< h2 > < a class = "toc-backref" href = "#id1" > Documentation< / a > < a class = "headerlink" href = "#documentations" title = "Permalink to this headline" > < / a > < / h2 >
< ul class = "simple" >
< li > < p > < a class = "reference external" href = "http://codeigniter.com/userguide3/libraries/security.html" > Security Class Documentation CodeIgniter 3.X< / a > < / p > < / li >
< li > < p > < a class = "reference internal" href = "../libraries/security.html" > < span class = "doc" > Security Documentation CodeIgniter 4.X< / span > < / a > < / p > < / li >
< / ul >
< div class = "admonition note" >
< p class = "admonition-title" > Note< / p >
< p > If you use the < a class = "reference internal" href = "../helpers/form_helper.html" > < span class = "doc" > Form Helper< / span > < / a > and enable the CSRF filter globally, then < a class = "reference internal" href = "../helpers/form_helper.html#form_open" title = "form_open" > < code class = "xref php php-func docutils literal notranslate" > < span class = "pre" > form_open()< / span > < / code > < / a > will automatically insert a hidden CSRF field in your forms, so you do not have to upgrade those forms yourself.< / p >
< / div >
< / section >
< section id = "what-has-been-changed" >
< h2 > < a class = "toc-backref" href = "#id2" > What has been changed< / a > < a class = "headerlink" href = "#what-has-been-changed" title = "Permalink to this headline" > < / a > < / h2 >
< ul class = "simple" >
< li > < p > The way CSRF tokens are added to HTML forms has changed.< / p > < / li >
< / ul >
< / section >
< section id = "upgrade-guide" >
< h2 > < a class = "toc-backref" href = "#id3" > Upgrade Guide< / a > < a class = "headerlink" href = "#upgrade-guide" title = "Permalink to this headline" > < / a > < / h2 >
< ol class = "arabic" >
< li > < p > To enable CSRF protection in CI4, turn on the csrf filter in < strong > app/Config/Filters.php< / strong > :< / p >
< div class = "highlight-html+php notranslate" > < div class = "highlight" > < pre >< span >< / span >< span class = "o" >&lt;?< / span >< span class = "nx" >php< / span >

< span class = "k" >namespace< / span > < span class = "nx" >Config< / span >< span class = "p" >;< / span >

< span class = "k" >use< / span > < span class = "nx" >CodeIgniter\Config\BaseConfig< / span >< span class = "p" >;< / span >

< span class = "k" >class< / span > < span class = "nc" >Filters< / span > < span class = "k" >extends< / span > < span class = "nx" >BaseConfig< / span >
< span class = "p" >{< / span >
    < span class = "c1" >// ...< / span >

    < span class = "k" >public< / span > < span class = "nv" >$globals< / span > < span class = "o" >=< / span > < span class = "p" >[< / span >
        < span class = "s1" >'before'< / span > < span class = "o" >=&gt;< / span > < span class = "p" >[< / span >
            < span class = "c1" >// 'honeypot',< / span >
            < span class = "s1" >'csrf'< / span >< span class = "p" >,< / span >
        < span class = "p" >],< / span >
    < span class = "p" >];< / span >

    < span class = "c1" >// ...< / span >
< span class = "p" >}< / span >
< / pre > < / div >
< / div >
< / li >
< li > < p > In your HTML forms, remove the CSRF input field, which looks similar to < code class = "docutils literal notranslate" > < span class = "pre" >&lt;input< / span > < span class = "pre" >type="hidden"< / span > < span class = "pre" >name="&lt;?=< / span > < span class = "pre" >$csrf['name']< / span > < span class = "pre" >?&gt;"< / span > < span class = "pre" >value="&lt;?=< / span > < span class = "pre" >$csrf['hash']< / span > < span class = "pre" >?&gt;"< / span > < span class = "pre" >/&gt;< / span > < / code > .< / p > < / li >
< li > < p > Then add < code class = "docutils literal notranslate" > < span class = "pre" >&lt;?=< / span > < span class = "pre" >csrf_field()< / span > < span class = "pre" >?&gt;< / span > < / code > somewhere in the form body, unless you are using < code class = "docutils literal notranslate" > < span class = "pre" >form_open()< / span > < / code > .< / p > < / li >
< / ol >
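< p > An added example, not part of the CodeIgniter documentation or code base: a small PHP command-line check that scans view source for the CI3 leftovers named in step 2 and for hand-written POST forms that still lack the csrf_field() call from step 3. The function names, the regular expressions, the POST-only rule and both sample views are assumptions constructed for illustration.< / p >

```php
<?php
declare(strict_types=1);

// Added example, not CodeIgniter code: a view-source audit for this upgrade.
// auditView(), lineAt() and both sample views are hypothetical and constructed.

// Leftovers of the CI3 pattern shown on this page.
const LEGACY_CSRF_PATTERNS = [
    'get_csrf_token_name()' => '/get_csrf_token_name\s*\(/',
    'get_csrf_hash()'       => '/get_csrf_hash\s*\(/',
    '$csrf[...] array'      => '/\$csrf\s*\[\s*[\'"](?:name|hash)[\'"]\s*\]/',
];

/** 1-based line number of a byte offset in $source. */
function lineAt(string $source, int $offset): int
{
    return substr_count(substr($source, 0, $offset), "\n") + 1;
}

/**
 * @return list<array{line:int, issue:string}>
 */
function auditView(string $source): array
{
    $findings = [];

    // Step 2 of the guide: the manual hidden field and its helpers must go.
    foreach (explode("\n", $source) as $index => $line) {
        foreach (LEGACY_CSRF_PATTERNS as $label => $regex) {
            if (preg_match($regex, $line) === 1) {
                $findings[] = ['line' => $index + 1, 'issue' => "CI3 CSRF leftover: {$label}"];
            }
        }
    }

    // Step 3: a hand-written form needs csrf_field(). Forms emitted by
    // form_open() contain no literal form tag, so they are not matched here.
    // The attribute group tolerates embedded PHP short tags in attribute values.
    $formRegex = '~<form\b((?:<\?.*?\?>|[^>])*)>(.*?)</form\s*>~is';
    preg_match_all($formRegex, $source, $forms, PREG_SET_ORDER | PREG_OFFSET_CAPTURE);

    foreach ($forms as $form) {
        $attributes = $form[1][0];
        $body       = $form[2][0];

        // Assumption of this example: only POST forms need a token, because a
        // token placed in a GET form would end up in the URL.
        if (preg_match('/\bmethod\s*=\s*["\']?post\b/i', $attributes) !== 1) {
            continue;
        }
        if (preg_match('/\bcsrf_field\s*\(/', $body) !== 1) {
            $findings[] = [
                'line'  => lineAt($source, $form[0][1]),
                'issue' => 'POST form without csrf_field()',
            ];
        }
    }

    usort($findings, static fn (array $a, array $b): int => $a['line'] <=> $b['line']);

    return $findings;
}

// Constructed sample: a CI3-era view that still carries the manual token field.
$legacyView = <<<'VIEW'
<form method="post" action="<?= site_url('account/save') ?>">
    <input name="email" type="text">
    <input type="hidden" name="<?= $csrf['name'] ?>" value="<?= $csrf['hash'] ?>" />
    <input type="submit" value="Save">
</form>
VIEW;

// Constructed sample: the same view after the upgrade steps.
$upgradedView = <<<'VIEW'
<form method="post" action="<?= site_url('account/save') ?>">
    <?= csrf_field() ?>
    <input name="email" type="text">
    <input type="submit" value="Save">
</form>
VIEW;

foreach (['legacy' => $legacyView, 'upgraded' => $upgradedView] as $name => $view) {
    $findings = auditView($view);
    echo $name, ': ', count($findings), " finding(s)\n";
    foreach ($findings as $finding) {
        echo "  line {$finding['line']}: {$finding['issue']}\n";
    }
}
```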
< / section >
< section id = "code-example" >
< h2 > < a class = "toc-backref" href = "#id4" > Code Example< / a > < a class = "headerlink" href = "#code-example" title = "Permalink to this headline" > < / a > < / h2 >
< section id = "codeigniter-version-3-x" >
< h3 > < a class = "toc-backref" href = "#id5" > CodeIgniter Version 3.x< / a > < a class = "headerlink" href = "#codeigniter-version-3-x" title = "Permalink to this headline" > < / a > < / h3 >
2022-02-25 23:36:32 +00:00
< div class = "highlight-html+php notranslate" > < div class = "highlight" > < pre > < span > < / span > < span class = "o" > <?< / span > < span class = "nx" > php< / span >
< span class = "nv" > $csrf< / span > < span class = "o" > =< / span > < span class = "k" > array< / span > < span class = "p" > (< / span >
< span class = "s1" > 'name'< / span > < span class = "o" > =>< / span > < span class = "nv" > $this< / span > < span class = "o" > ->< / span > < span class = "na" > security< / span > < span class = "o" > ->< / span > < span class = "na" > get_csrf_token_name< / span > < span class = "p" > (),< / span >
< span class = "s1" > 'hash'< / span > < span class = "o" > =>< / span > < span class = "nv" > $this< / span > < span class = "o" > ->< / span > < span class = "na" > security< / span > < span class = "o" > ->< / span > < span class = "na" > get_csrf_hash< / span > < span class = "p" > ()< / span >
< span class = "p" > );< / span >
< span class = "cp" > ?>< / span >
< span class = "p" > < < / span > < span class = "nt" > form< / span > < span class = "p" > > < / span >
< span class = "p" > < < / span > < span class = "nt" > input< / span > < span class = "na" > name< / span > < span class = "o" > =< / span > < span class = "s" > "name"< / span > < span class = "na" > type< / span > < span class = "o" > =< / span > < span class = "s" > "text"< / span > < span class = "p" > > < / span >
< span class = "p" > < < / span > < span class = "nt" > input< / span > < span class = "na" > name< / span > < span class = "o" > =< / span > < span class = "s" > "email"< / span > < span class = "na" > type< / span > < span class = "o" > =< / span > < span class = "s" > "text"< / span > < span class = "p" > > < / span >
< span class = "p" > < < / span > < span class = "nt" > input< / span > < span class = "na" > name< / span > < span class = "o" > =< / span > < span class = "s" > "password"< / span > < span class = "na" > type< / span > < span class = "o" > =< / span > < span class = "s" > "password"< / span > < span class = "p" > > < / span >
< span class = "p" > < < / span > < span class = "nt" > input< / span > < span class = "na" > type< / span > < span class = "o" > =< / span > < span class = "s" > "hidden"< / span > < span class = "na" > name< / span > < span class = "o" > =< / span > < span class = "s" > "< / span > < span class = "cp" > <?< / span > < span class = "o" > =< / span > < span class = "nv" > $csrf< / span > < span class = "p" > [< / span > < span class = "s1" > 'name'< / span > < span class = "p" > ]< / span > < span class = "cp" > ?>< / span > < span class = "s" > "< / span > < span class = "na" > value< / span > < span class = "o" > =< / span > < span class = "s" > "< / span > < span class = "cp" > <?< / span > < span class = "o" > =< / span > < span class = "nv" > $csrf< / span > < span class = "p" > [< / span > < span class = "s1" > 'hash'< / span > < span class = "p" > ]< / span > < span class = "cp" > ?>< / span > < span class = "s" > "< / span > < span class = "p" > > < / span >
< span class = "p" > < < / span > < span class = "nt" > input< / span > < span class = "na" > type< / span > < span class = "o" > =< / span > < span class = "s" > "submit"< / span > < span class = "na" > value< / span > < span class = "o" > =< / span > < span class = "s" > "Save"< / span > < span class = "p" > > < / span >
< span class = "p" > < /< / span > < span class = "nt" > form< / span > < span class = "p" > > < / span >
< / pre > < / div >
< / div >
< / section >
< section id = "codeigniter-version-4-x" >
< h3 > < a class = "toc-backref" href = "#id6" > CodeIgniter Version 4.x< / a > < a class = "headerlink" href = "#codeigniter-version-4-x" title = "Permalink to this headline" > < / a > < / h3 >
< div class = "highlight-html+php notranslate" > < div class = "highlight" > < pre > < span > < / span > < span class = "o" > < < / span > < span class = "nx" > form< / span > < span class = "o" > > < / span >
< span class = "o" > < < / span > < span class = "nx" > input< / span > < span class = "nx" > name< / span > < span class = "o" > =< / span > < span class = "s2" > "name"< / span > < span class = "nx" > type< / span > < span class = "o" > =< / span > < span class = "s2" > "text"< / span > < span class = "o" > > < / span >
< span class = "o" > < < / span > < span class = "nx" > input< / span > < span class = "nx" > name< / span > < span class = "o" > =< / span > < span class = "s2" > "email"< / span > < span class = "nx" > type< / span > < span class = "o" > =< / span > < span class = "s2" > "text"< / span > < span class = "o" > > < / span >
< span class = "o" > < < / span > < span class = "nx" > input< / span > < span class = "nx" > name< / span > < span class = "o" > =< / span > < span class = "s2" > "password"< / span > < span class = "nx" > type< / span > < span class = "o" > =< / span > < span class = "s2" > "password"< / span > < span class = "o" > > < / span >
< span class = "o" > <?=< / span > < span class = "nx" > csrf_field< / span > < span class = "p" > ()< / span > < span class = "cp" > ?>< / span >
< span class = "p" > < < / span > < span class = "nt" > input< / span > < span class = "na" > type< / span > < span class = "o" > =< / span > < span class = "s" > "submit"< / span > < span class = "na" > value< / span > < span class = "o" > =< / span > < span class = "s" > "Save"< / span > < span class = "p" > > < / span >
< span class = "p" > < /< / span > < span class = "nt" > form< / span > < span class = "p" > > < / span >
< / pre > < / div >
< / div >
< / section >
< / section >
< / section >
< / div >
< / div >
< footer > < div class = "rst-footer-buttons" role = "navigation" aria-label = "Footer" >
< / div >
< hr / >
< div role = "contentinfo" >
< p > © Copyright 2019-2023 CodeIgniter Foundation.
< span class = "lastupdated" > Last updated on Feb 06, 2023.
< / span > < / p >
< / div >
< / footer >
< / div >
< / div >
< / section >
< / div >
< / body >
< / html >