March 26, 2015 at 07:07Rock Sanitize - a simple and flexible sanitizer
Hello! I continue to talk about tools that allow you to secure your web application. Today it is a data sanitization library.
Sanitation removes (or escapes) invalid or insecure characters from user input, or generates output correctly.
So, someone who has already met Rock Validate will be pleasantly surprised by the similar syntax:
Sanitize::removeTags()
->lowercase()
->sanitize('Hello World!');
// output: hello world!
either through the constructor:
(new Sanitize)->removeTags()->lowercase()->sanitize('Hello World!');
rules
The set of rules is not yet large enough, but can easily be compensated by customization.
There are groups of rules:
- string
- numeric
- type cast
Full list of rules .
I will note some of them.
call ()
It takes a callable value as the first argument. Example:
$s = Sanitize::call('mb_strtolower', ['UTF-8']);
$s->sanitize('ПрИвЕт МиР!');
// output: привет мир!
unserialize ()
Automatically detects whether a json or php string is a representation and then deserializes it accordingly.
$s = Sanitize::unserialize()->removeTags()->trim()
$s->sanitize('{"name" : " Tom "}');
/*
output:
[
'name' => 'Tom'
]
*/
Attribute sanitation
To sanitize an array / object by attributes, the attributes () method is used.
$input = [
'name' => 'Tom',
'age' => -22
];
$attributes = [
'name' => Sanitize::removeTags(),
'age' => Sanitize::abs()
];
Sanitize::attributes($attributes)->sanitize($input);
/*
output:
[
'name' => 'Tom',
'age' => 22
]
*/
In the event that it is necessary to use one rule for all attributes, then:
$input = [
'name' => 'Tom',
'email' => 'tom@site.com',
];
Sanitize::attributes(Sanitize::removeTags())->sanitize($input);
/*
output:
[
'name' => 'Tom',
'email' => 'tom@site.com'
]
*/
By default, recursive traversal by array / object attributes is enabled. Example:
$input = [
'name' => 'Tom',
'other' => [
'email' => 'tom@site.com',
'note' => [
'text...'
]
]
];
Sanitize::attributes(Sanitize::removeTags())->sanitize($input);
/*
output:
[
'name' => 'Tom',
'other' => [
'email' => 'tom@site.com',
'note' => [
'text...'
]
]
]
*/
You can disable this behavior:
Sanitize::recursive(false)->attributes(Sanitize::removeTags());
Additional features
It is possible to specify a set of rules according to the residual principle, namely:
$input = [
'name' => ' Tom',
'email' => 'tom@site.com ',
'age' => -22,
];
$s = Sanitize::attributes([
'age' => Sanitize::abs(),
'*' => Sanitize::removeTags()->trim()
]);
$s->sanitize($input);
/*
output:
[
'name' => 'Tom',
'email' => 'tom@site.com',
'age' => 22,
]
*/
The label “*” can be replaced with any other:
Sanitize::labelRemainder('_remainder');
A similar feature is now available in Rock Validate.
If you need sanitization of an attribute located deep in the array, you can specify a chain of keys:
$input = [
'name' => 'Tom',
'other' => [
'tel' => '777-777',
'email' => 'tom@site.com',
'note' => [
'first' => ' text... ',
]
]
];
$attributes = [
'other.email' => Sanitize::removeTags(),
'other.note.first' => Sanitize::removeTags()->trim()
];
Sanitize::attributes($attributes)->sanitize($input);
/*
output:
[
'name' => 'Tom',
'other' => [
'tel' => '777-777',
'email' => 'tom@site.com',
'note' =>[
'first' => 'text...',
]
]
]
*/
This feature is available only for arrays.
Customization
Create a class with a rule:
use rock\sanitize\rules\Rule
class Round extends Rule
{
protected $precision = 0;
public function __construct($precision = 0)
{
$this->precision= $precision;
}
public function sanitize($input)
{
return round($input, $this->precision);
}
}
Profit:
$config = [
'rules' => [
'round' => \namespace\to\Round::className()
]
];
$s = new Sanitize($config);
$s->round()->sanitize(7.4); // output: 7.0
Thus, it is possible to replace existing rules or specify other aliases to the rules.
Installation
composer require romeoz/rock-sanitize:*
Github project