I’ve been doing some reading on PHP security and I ran into a great

Question

0

Editorial Team

Asked: May 20, 20262026-05-20T11:11:19+00:00 2026-05-20T11:11:19+00:00

I’ve been doing some reading on PHP security and I ran into a great

0

I’ve been doing some reading on PHP security and I ran into a great question/article on SO > Exploitable PHP functions

There are a ton of interesting commands/functions that should never even be possible to run.

My question is… Does CI have any built in protection/prevention against using any of the commands/functions found on this list?

If so, please point it out for me, I cant seem to find it.

If not, would it be possible to add to or create a CI core class for preventing some or all of the possibly exploitable commands?

It might sound a lil counter intuitive, but having CI dictate best practices seems to be a big part of its design… For example, the CSRF will break your form submission process if you dont set it up right… And thats built right in, but disabled…

Thanks,
Peter

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-20T11:11:20+00:00

Editorial Team

2026-05-20T11:11:20+00:00Added an answer on May 20, 2026 at 11:11 am

I think I got this answered. There seems to be a preg_replace looking for these commands on the input class @ line 763.

Please correct me if I am wrong.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’ve been doing some reading on PHP security and I ran into a great

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply