From 0ca3ef9aa722799b8120abf3edc2b2b5ddc8bdc0 Mon Sep 17 00:00:00 2001 From: kenjis Date: Thu, 16 Dec 2021 10:39:11 +0900 Subject: [PATCH 1/3] docs: add InvalidChars filter explanation --- user_guide_src/source/incoming/filters.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/user_guide_src/source/incoming/filters.rst b/user_guide_src/source/incoming/filters.rst index 096d1020f77f..cb62defe02a3 100644 --- a/user_guide_src/source/incoming/filters.rst +++ b/user_guide_src/source/incoming/filters.rst @@ -204,6 +204,14 @@ The filters bundled with CodeIgniter4 are: ``Honeypot``, ``CSRF``, ``InvalidChar .. note:: The filters are executed in the order defined in the config file. However, if enabled, ``DebugToolbar`` is always executed last because it should be able to capture everything that happens in the other filters. +InvalidChars +============= + +This filter checks if user input data (``$_GET``, ``$_POST``, ``$_COOKIE``, ``php://input``) do not contain the following characters: + +- invalid UTF-8 characters +- control characters except line break and tab code + SecureHeaders ============= From 1ebc173f9519875518ac47b750e8f33ca6337c0d Mon Sep 17 00:00:00 2001 From: kenjis Date: Thu, 16 Dec 2021 10:39:45 +0900 Subject: [PATCH 2/3] docs: add links to other pages --- user_guide_src/source/incoming/filters.rst | 2 +- user_guide_src/source/libraries/security.rst | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/user_guide_src/source/incoming/filters.rst b/user_guide_src/source/incoming/filters.rst index cb62defe02a3..b8b16bb1c9ce 100644 --- a/user_guide_src/source/incoming/filters.rst +++ b/user_guide_src/source/incoming/filters.rst 
@@ -200,7 +200,7 @@ In this example, the array ``['dual', 'noreturn']`` will be passed in ``$argumen Provided Filters **************** -The filters bundled with CodeIgniter4 are: ``Honeypot``, ``CSRF``, ``InvalidChars``, ``SecureHeaders``, and ``DebugToolbar``. +The filters bundled with CodeIgniter4 are: :doc:`Honeypot <../libraries/honeypot>`, :ref:`CSRF `, ``InvalidChars``, ``SecureHeaders``, and :ref:`DebugToolbar `. .. note:: The filters are executed in the order defined in the config file. However, if enabled, ``DebugToolbar`` is always executed last because it should be able to capture everything that happens in the other filters. diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index b0a11af06b6d..00c6173ee4f3 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -19,6 +19,8 @@ If you find a case where you do need direct access though, you may load it throu $security = \Config\Services::security(); +.. _cross-site-request-forgery: + ********************************* Cross-site request forgery (CSRF) ********************************* From 67ce1b025511a16271caea5dbb37058f9aab190f Mon Sep 17 00:00:00 2001 From: kenjis Date: Sun, 19 Dec 2021 21:40:46 +0900 Subject: [PATCH 3/3] docs: fix by proof reading Co-authored-by: MGatner --- user_guide_src/source/incoming/filters.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide_src/source/incoming/filters.rst b/user_guide_src/source/incoming/filters.rst index b8b16bb1c9ce..8677f1925dee 100644 --- a/user_guide_src/source/incoming/filters.rst +++ b/user_guide_src/source/incoming/filters.rst 
@@ -207,7 +207,7 @@ The filters bundled with CodeIgniter4 are: :doc:`Honeypot <../libraries/honeypot InvalidChars ============= -This filter checks if user input data (``$_GET``, ``$_POST``, ``$_COOKIE``, ``php://input``) do not contain the following characters: +This filter prohibits user input data (``$_GET``, ``$_POST``, ``$_COOKIE``, ``php://input``) from containing the following characters: - invalid UTF-8 characters - control characters except line break and tab code
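Review bot: in [PATCH 1/3], the second bullet of the new InvalidChars section in filters.rst ("control characters except line break and tab code") does not say which characters are exempt. "Line break" could mean LF only or both CR and LF, and "tab code" is unusual wording for the tab character. Suggest naming the permitted characters explicitly so a reader can tell, for example, whether a carriage return in a POST field passes the filter.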
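Review bot: in [PATCH 2/3], the rewritten "The filters bundled with CodeIgniter4 are:" line in filters.rst shows the two :ref: roles for CSRF and DebugToolbar with link text but no angle-bracket target, unlike the :doc: role for Honeypot, which carries <../libraries/honeypot>. The CSRF role should name the cross-site-request-forgery label that the security.rst hunk of this same patch adds, and the DebugToolbar role needs a label too; no hunk in this series adds one, so please confirm it already exists. InvalidChars and SecureHeaders are left as plain literals here although both have their own sections further down this page, so they could be linked as well for consistency.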
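Review bot: in [PATCH 3/3], the reworded sentence under InvalidChars says the filter "prohibits" these characters but still does not tell the reader what happens when a request contains one, such as whether the request is rejected, an exception is thrown, or the characters are stripped. Suggest adding one sentence describing the resulting behaviour, since that decides how an application has to handle the failure. A smaller point on the same line: php://input is the raw request body stream rather than a superglobal like the other three items, which may be worth saying in the parenthetical.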