So, you created your module and works fine, but is it secure? You must ensure that your module is secure and is not vulnerable to any SQL Injections are directory traversing.
You can find below best practices to ensure that your module will be secure. Feel free to apply your own best practices for your module security.
Gather user data from requests
When a user is filling forms, the data is sent e.q. via a POST request to the controller after that you gather this data and insert into the database.
To ensure that this data is escaped, you should gather the data with the built-in CodeIgniter framework input class.
// Get data from POST request
$data = $this->input->post();
$client_id = $this->input->post(‘client_id’);
// Get data from GET request
$data = $this->input->get();
$client_id = $this->input->get(‘client_id’);
Do Not Allow Direct Access the Module Files
For each .php file you created for your module, you must add the code below at the top of the file to prevent the file to be accessed directly.
|defined(‘BASEPATH’) or exit(‘No direct script access allowed’);|
Include empty index.html files
Always add empty index.html file in each folder you will create in your module directory including your module root directory.
E.q. in modules/[your-module]/
E.q. in modules[your-module]/views