danielebuso/sanitizer

Data sanitizer and Laravel 7 form requests with input sanitation.

Maintainers

Details

github.com/danielebuso/sanitizer

Source

Issues

Installs: 4 439

Dependents: 0

Suggesters: 0

Security: 0

Stars: 2

Watchers: 1

Forks: 1

Open Issues: 0

1.1.0 2021-08-02 08:53 UTC

Requires

Requires (Dev)

MIT d69c02c12d435b5029aaf1327d1e2ec898c32325

  • Daniele Buso <daniele.woop@kodesire.com>

inputlaravelsanitationinput filterinput sanitationinput sanitizertransform input

This package is auto-updated.

Last update: 2024-08-29 05:32:27 UTC

README

Latest Version on Packagist Software License Build Status Total Downloads

Data sanitizer and Laravel 7/8 form requests with input sanitation

Introduction

Sanitizer provides an easy way to format user input, both through the provided filters or through custom ones that can easily be added to the sanitizer library.

Although not limited to Laravel users, there are some extensions provided for this framework, like a way to easily Sanitize user input through a custom FormRequest and easier extensibility.

Example

Given a data array with the following format:

    $data = [
        'first_name'    =>  'john',
        'last_name'     =>  '<strong>DOE</strong>',
        'email'         =>  '  JOHn@DoE.com',
        'birthdate'     =>  '06/25/1980',
        'jsonVar'       =>  '{"name":"value"}',
        'description'   =>  '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>',
        'phone'         =>  '+08(096)90-123-45q',
        'country'       =>  'GB',
        'postcode'      =>  'ab12 3de',
    ];

We can easily format it using our Sanitizer and the some of Sanitizer's default filters:

    use \danielebuso\sanitizer\Sanitizer;

    $filters = [
        'first_name'    =>  'trim|escape|capitalize',
        'last_name'     =>  'trim|escape|capitalize',
        'email'         =>  'trim|escape|lowercase',
        'birthdate'     =>  'trim|format_date:m/d/Y, Y-m-d',
        'jsonVar'       =>  'cast:array',
        'description'   =>  'strip_tags',
        'phone'         =>  'digit',
        'country'       =>  'trim|escape|capitalize',
        'postcode'      =>  'trim|escape|uppercase|filter_if:country,GB',
    ];

    $sanitizer  = new Sanitizer($data, $filters);
    var_dump($sanitizer->sanitize());

Which will yield:

    [
        'first_name'    =>  'John',
        'last_name'     =>  'Doe',
        'email'         =>  'john@doe.com',
        'birthdate'     =>  '1980-06-25',
        'jsonVar'       =>  '["name" => "value"]',
        'description'   =>  'Test paragraph. Other text',
        'phone'         =>  '080969012345',
        'country'       =>  'GB',
        'postcode'      =>  'AB12 3DE',
    ];

It's usage is very similar to Laravel's Validator module, for those who are already familiar with it, although Laravel is not required to use this library.

Filters are applied in the same order they're defined in the $filters array. For each attribute, filters are separered by | and options are specified by suffixing a comma separated list of arguments (see format_date).

Available filters

The following filters are available out of the box:

Adding custom filters

You can add your own filters by passing a custom filter array to the Sanitize constructor as the third parameter. For each filter name, either a closure or a full classpath to a Class implementing the danielebuso\sanitizer\Contracts\Filter interface must be provided. Closures must always accept two parameters: $value and an $options array:

    class RemoveStringsFilter implements danielebuso\sanitizer\Contracts\Filter
    {
        public function apply($value, $options = [])
        {
            return str_replace($options, '', $value);
        }
    }

    $customFilters = [
        'hash'   =>  function($value, $options = []) {
                return sha1($value);
            },
        'remove_strings' => RemoveStringsFilter::class,
    ];

    $filters = [
        'secret'    =>  'hash',
        'text'      =>  'remove_strings:Curse,Words,Galore',
    ];

    $sanitize = new Sanitize($data, $filters, $customFilters);

Install

To install, just run:

composer require danielebuso/sanitizer

And you're done! If you're using Laravel, in order to be able to access some extra functionality you must register both the Service provider in the providers array in config/app.php, as well as the Sanitizer Facade:

    'providers' => [
        ...
        danielebuso\sanitizer\Laravel\SanitizerServiceProvider::class,
    ];

    'aliases' => [
        ...
        'Sanitizer' => danielebuso\sanitizer\Laravel\Facade::class,
    ];

Laravel goodies

If you are using Laravel, you can use the Sanitizer through the Facade:

    $newData = \Sanitizer::make($data, $filters)->sanitize();

You can also easily extend the Sanitizer library by adding your own custom filters, just like you would the Validator library in Laravel, by calling extend from a ServiceProvider like so:

    \Sanitizer::extend($filterName, $closureOrClassPath);

You may also Sanitize input in your own FormRequests by using the SanitizesInput trait, and adding a filters method that returns the filters that you want applied to the input.

    namespace App\Http\Requests;

    use App\Http\Requests\Request;
    use danielebuso\sanitizer\Laravel\SanitizesInput;

    class SanitizedRequest extends Request
    {
        use SanitizesInput;

        public function filters()
        {
            return [
                'name'  => 'trim|capitalize',
                'email' => 'trim',
            ];
        }

        /* ... */

To generate a Sanitized Request just execute the included Artisan command:

php artisan make:sanitized-request TestSanitizedRequest

The only difference with a Laravel FormRequest is that now you'll have an extra 'fields' method in which to enter the input filters you wish to apply, and that input will be sanitized before being validated.

License

Sanitizer is open-sourced software licensed under the MIT license