
Rock Sanitize - simple and flexible sanitizer

Hello!

I continue my series on tools that help you secure a web application. Today it is a library for sanitizing data.

Sanitization removes (or escapes) invalid or unsafe characters from user input, or correctly encodes data for output.

So, anyone who has already met Rock Validate will be pleasantly surprised by the similar syntax:

```php
Sanitize::removeTags()->lowercase()->sanitize('<b>Hello World!</b>'); // output: hello world!
```

either through the constructor:

```php
(new Sanitize)->removeTags()->lowercase()->sanitize('<b>Hello World!</b>');
```

Rules

The rule set is not large yet, but this is easily compensated for by customization.

The rules are split into groups; the full list of rules is in the project documentation.

I will note some of them.

call()

The first argument takes a callable value. Example:

```php
$s = Sanitize::call('mb_strtolower', ['UTF-8']);
$s->sanitize(' !'); // output:  !
```

unserialize()

Automatically determines whether the string is JSON or serialized PHP, and then deserializes it accordingly.

```php
$s = Sanitize::unserialize()->removeTags()->trim();
$s->sanitize('{"name" : " <b> Tom </b> "}');
/*
output:
[
    'name' => 'Tom'
]
*/
```

Sanitizing attributes

To sanitize an array / object by attributes, use the attributes() method.

```php
$input = [
    'name' => '<b>Tom</b>',
    'age'  => -22
];
$attributes = [
    'name' => Sanitize::removeTags(),
    'age'  => Sanitize::abs()
];
Sanitize::attributes($attributes)->sanitize($input);
/*
output:
[
    'name' => 'Tom',
    'age'  => 22
]
*/
```

If you need to apply one rule to all attributes:

```php
$input = [
    'name'  => '<b>Tom</b>',
    'email' => '<b>tom@site.com</b>',
];
Sanitize::attributes(Sanitize::removeTags())->sanitize($input);
/*
output:
[
    'name'  => 'Tom',
    'email' => 'tom@site.com'
]
*/
```

By default, recursive traversal of array / object attributes is enabled. Example:

```php
$input = [
    'name'  => '<b>Tom</b>',
    'other' => [
        'email' => '<b>tom@site.com</b>',
        'note'  => [
            '<b>text...</b>'
        ]
    ]
];
Sanitize::attributes(Sanitize::removeTags())->sanitize($input);
/*
output:
[
    'name'  => 'Tom',
    'other' => [
        'email' => 'tom@site.com',
        'note'  => [
            'text...'
        ]
    ]
]
*/
```

You can disable this behavior:

```php
Sanitize::recursive(false)->attributes(Sanitize::removeTags());
```

Additional features

You can define a rule for all remaining attributes, i.e. those not matched by an explicit key:

```php
$input = [
    'name'  => '<b> Tom</b>',
    'email' => '<b>tom@site.com </b>',
    'age'   => -22,
];
$s = Sanitize::attributes([
    'age' => Sanitize::abs(),
    '*'   => Sanitize::removeTags()->trim()
]);
$s->sanitize($input);
/*
output:
[
    'name'  => 'Tom',
    'email' => 'tom@site.com',
    'age'   => 22,
]
*/
```

The "*" label can be replaced with any other:

```php
Sanitize::labelRemainder('_remainder');
```

A similar feature is now available in Rock Validate.

If you need to sanitize an attribute nested deep inside an array, you can specify a chain of keys:

```php
$input = [
    'name'  => '<b>Tom</b>',
    'other' => [
        'tel'   => '<b>777-777</b>',
        'email' => '<b>tom@site.com</b>',
        'note'  => [
            'first' => '<b> text... </b> ',
        ]
    ]
];
$attributes = [
    'other.email'      => Sanitize::removeTags(),
    'other.note.first' => Sanitize::removeTags()->trim()
];
Sanitize::attributes($attributes)->sanitize($input);
/*
output:
[
    'name'  => '<b>Tom</b>',
    'other' => [
        'tel'   => '<b>777-777</b>',
        'email' => 'tom@site.com',
        'note'  => [
            'first' => 'text...',
        ]
    ]
]
*/
```

This feature is available only for arrays.

Customization

Create a class with the rule:

```php
use rock\sanitize\rules\Rule;

class Round extends Rule
{
    protected $precision = 0;

    public function __construct($precision = 0)
    {
        $this->precision = $precision;
    }

    public function sanitize($input)
    {
        return round($input, $this->precision);
    }
}
```

Profit:

```php
$config = [
    'rules' => [
        'round' => \namespace\to\Round::className()
    ]
];
$s = new Sanitize($config);
$s->round()->sanitize(7.4); // output: 7.0
```

In the same way you can override the existing rules or register additional aliases for them.
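As an added example (not from the article or the library itself), here is a custom rule that escapes HTML instead of stripping it, registered under an alias and combined with the remainder label. It assumes that the Rule base class, the `className()` helper and the `'rules'` config key behave as shown above; the class name `EscapeHtml`, the alias `escapeHtml` and the input data are constructed for this example.

```php
<?php
use rock\sanitize\Sanitize;
use rock\sanitize\rules\Rule;

// Custom rule (constructed for this example): escape rather than strip.
// The text survives intact but cannot start a tag or break out of an
// attribute when it is later rendered into HTML.
class EscapeHtml extends Rule
{
    public function sanitize($input)
    {
        // Leave non-strings (numbers, nested arrays) to other rules or to
        // the recursive traversal.
        if (!is_string($input)) {
            return $input;
        }
        return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Register the rule under an alias, as the article does for Round.
$config = [
    'rules' => [
        'escapeHtml' => EscapeHtml::className(),
    ],
];

// Constructed request payload: one field carries markup, one a negative
// number, and one is nested (recursive traversal is on by default).
$input = [
    'age'     => -22,
    'comment' => '<b onmouseover="x()">Hi & bye</b>',
    'profile' => [
        'email' => ' TOM@SITE.COM ',
    ],
];

// Explicit rules for known fields; everything else falls under '*' and is
// escaped. The remainder rule is built from a configured instance so the
// 'escapeHtml' alias is available on it.
$result = (new Sanitize($config))->attributes([
    'age' => Sanitize::abs(),
    '*'   => (new Sanitize($config))->escapeHtml(),
])->sanitize($input);

var_dump($result);
```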

Installation

```shell
composer require romeoz/rock-sanitize:*
```

Project on github

Source: https://habr.com/ru/post/254045/
