Rock Sanitize - a simple and flexible sanitizer

    Talk about Rock SanitizeHello!

    I continue to talk about tools that allow you to secure your web application. Today it is a data sanitization library.

    Sanitation removes (or escapes) invalid or insecure characters from user input, or generates output correctly.

    So, someone who has already met Rock Validate will be pleasantly surprised by the similar syntax:

    Sanitize::removeTags()
        ->lowercase()
        ->sanitize('Hello World!');
    // output: hello world! 
    

    either through the constructor:

    (new Sanitize)->removeTags()->lowercase()->sanitize('Hello World!');
    

    rules


    The set of rules is not yet large enough, but can easily be compensated by customization.

    There are groups of rules:
    • string
    • numeric
    • type cast

    Full list of rules .

    I will note some of them.

    call ()

    It takes a callable value as the first argument. Example:
    $s = Sanitize::call('mb_strtolower', ['UTF-8']);
    $s->sanitize('ПрИвЕт МиР!');
    // output:  привет мир!
    

    unserialize ()

    Automatically detects whether a json or php string is a representation and then deserializes it accordingly.
    $s = Sanitize::unserialize()->removeTags()->trim()
    $s->sanitize('{"name" : "  Tom       "}');
    /*
    output:
    [
      'name' => 'Tom'
    ]
    */
    

    Attribute sanitation


    To sanitize an array / object by attributes, the attributes () method is used.
    $input = [
        'name' => 'Tom',
        'age' => -22
    ];
    $attributes = [
        'name' => Sanitize::removeTags(),
        'age' => Sanitize::abs()
    ];
    Sanitize::attributes($attributes)->sanitize($input);
    /*
    output:
    [
      'name' => 'Tom',
      'age' => 22
    ]
    */
    

    In the event that it is necessary to use one rule for all attributes, then:
    $input = [
        'name' => 'Tom',
        'email' => 'tom@site.com',
    ];
    Sanitize::attributes(Sanitize::removeTags())->sanitize($input);
    /*
    output:
    [
        'name' => 'Tom',
        'email' => 'tom@site.com'
    ]
    */
    

    By default, recursive traversal by array / object attributes is enabled. Example:
    $input = [
        'name' => 'Tom',
        'other' => [
            'email' => 'tom@site.com',
            'note' => [
                'text...'
            ]
        ]
    ];
    Sanitize::attributes(Sanitize::removeTags())->sanitize($input);
    /*
    output:
    [
        'name' => 'Tom',
        'other' => [
            'email' => 'tom@site.com',
            'note' => [
                'text...'
            ]
         ]
    ]
    */
    

    You can disable this behavior:

    Sanitize::recursive(false)->attributes(Sanitize::removeTags());
    

    Additional features


    It is possible to specify a set of rules according to the residual principle, namely:
    $input = [
        'name' => ' Tom',
        'email' => 'tom@site.com ',
        'age' => -22,
    ];
    $s = Sanitize::attributes([
        'age' => Sanitize::abs(),
        '*' => Sanitize::removeTags()->trim()
    ]);
    $s->sanitize($input);
    /*
    output:
    [
        'name' => 'Tom',
        'email' => 'tom@site.com',
        'age' => 22,
    ]
    */
    

    The label “*” can be replaced with any other:

    Sanitize::labelRemainder('_remainder');
    

    A similar feature is now available in Rock Validate.

    If you need sanitization of an attribute located deep in the array, you can specify a chain of keys:
    $input = [
        'name' => 'Tom',
        'other' => [
            'tel' => '777-777',
            'email' => 'tom@site.com',
            'note' => [
                'first' => ' text...  ',
            ]
        ]
    ];
    $attributes = [
        'other.email' => Sanitize::removeTags(),
        'other.note.first' => Sanitize::removeTags()->trim()
    ];
    Sanitize::attributes($attributes)->sanitize($input);
    /*
    output:
    [
        'name' => 'Tom',
        'other' => [
            'tel' => '777-777',
            'email' => 'tom@site.com',
            'note' =>[
                'first' => 'text...',
            ]
        ]
    ]
    */
    

    This feature is available only for arrays.

    Customization


    Create a class with a rule:
    use rock\sanitize\rules\Rule
    class Round extends Rule
    {
        protected $precision = 0;
        public function __construct($precision = 0)
        {
            $this->precision= $precision;
        }
        public function sanitize($input)
        {
            return round($input, $this->precision);
        }    
    }
    

    Profit:
    $config = [
        'rules' => [
            'round' => \namespace\to\Round::className()
        ]
    ];
    $s = new Sanitize($config);
    $s->round()->sanitize(7.4); // output: 7.0
    

    Thus, it is possible to replace existing rules or specify other aliases to the rules.

    Installation


    composer require romeoz/rock-sanitize:*
    

    Github project

    Also popular now: