Security helper class.
Class declared in SYSPATH/classes/kohana/security.php on line 11.
string $token_namekey name used for token storage
string(14) "security_token"Check that the given token matches the currently stored security token.
if (Security::check($token))
{
    // Pass
}
string
$token
required - Token to checkbooleanpublic static function check($token)
{
	return Security::token() === $token;
}Encodes PHP tags in a string.
$str = Security::encode_php_tags($str);
string
$str
required - String to sanitizestringpublic static function encode_php_tags($str)
{
	return str_replace(array('<?', '?>'), array('<?', '?>'), $str);
}Remove image tags from a string.
$str = Security::strip_image_tags($str);
string
$str
required - String to sanitizestringpublic static function strip_image_tags($str)
{
	return preg_replace('#<img\s.*?(?:src\s*=\s*["\']?([^"\'<>\s]*)["\']?[^>]*)?>#is', '$1', $str);
}Generate and store a unique token which can be used to help prevent CSRF attacks.
$token = Security::token();
You can insert this token into your forms as a hidden field:
echo Form::hidden('csrf', Security::token());
And then check it when using Validation:
$array->rules('csrf', array(
    'not_empty'       => NULL,
    'Security::check' => NULL,
));
This provides a basic, but effective, method of preventing CSRF attacks.
boolean
$new
 = bool FALSE - Force a new token to be generated?stringpublic static function token($new = FALSE)
{
	$session = Session::instance();
	// Get the current token
	$token = $session->get(Security::$token_name);
	if ($new === TRUE OR ! $token)
	{
		// Generate a new unique token
		$token = sha1(uniqid(NULL, TRUE));
		// Store the new token
		$session->set(Security::$token_name, $token);
	}
	return $token;
}