Download the PHP package bgeneto/ci4-sanitize without Composer

ci4-sanitize

ci4-sanitize is a PHP library for CodeIgniter 4 that provides data sanitization functionality. It allows you to easily sanitize user input and other data using a set of predefined rules or custom rules. This helps prevent security vulnerabilities like cross-site scripting (XSS) and SQL injection.

Quick Start

1. Install with Composer: composer require bgeneto/ci4-sanitize

2. Publish the config file: php spark sanitize:publish

3. Set up your model:

Installation

Composer + Packagist

Composer + GitHub repo:

Just setup a repository like this in your project's composer.json file:

Composer + Local repo:

Now edit your composer.json file and add a new path repository:

Publish the configuration file after installing:

Configuration

The package comes with a configuration file (app/Config/Sanitization.php) where you can define default sanitization rules for your models.

You can also add custom (new) rules to this config file:

Usage

Sanitizer Class

You can use the Sanitizer class directly to sanitize

You can also add rules dynamically:

You can also apply rules at the time of sanitization, which will override any previously defined rules:

Sanitizer Class Static Usage

The Sanitizer class provides several static methods for convenient sanitization:

• Sanitizer::registerRule(string $rule, callable $callback): Registers a custom sanitization rule.
• Sanitizer::applyRule(mixed $value, string $rule): Applies a sanitization rule (built-in or custom) to a value.
• Sanitizer::resetRules(): Resets all custom rules.

Registering and Using Custom Rules:

Applying Built-in Rules:

Sanitizable Trait

The SanitizableTrait is designed for use with CodeIgniter 4 models. It automatically applies sanitization rules before inserting or updating data.

The trait will use the rules defined in the Sanitization config file for the UserModel. You can also add rules dynamically:

You can retrieve the currently applied sanitization rules using getSanitizationRules():

You can also sanitize arbitrary data directly using the trait:

Allowed Callbacks:

The SanitizableTrait allows you to specify which model events should trigger sanitization. You can set these using the setSanitizationCallbacks() method. The allowed callbacks are:

• beforeInsert
• beforeUpdate
• beforeFind
• beforeDelete
• beforeInsertBatch
• beforeUpdateBatch

Built-in Rules

The following built-in rules are available:

• trim: Removes whitespace from the beginning and end of a string.
• lowercase: Converts a string to lowercase.
• uppercase: Converts a string to uppercase.
• capitalize: Capitalizes the first character of each word in a string.
• numbers_only: Removes all non-numeric characters from a string.
• email: Sanitizes an email address.
• float: Sanitizes a floating-point number.
• int: Sanitizes an integer.
• htmlspecialchars: Converts special characters to HTML entities.
• norm_spaces: Normalizes whitespace in a string (removes multiple spaces).
• slug: Generates a URL-friendly slug.
• url: Sanitizes a URL.
• strip_tags: Strips HTML and PHP tags from a string.
• strip_tags_allowed: Strips HTML and PHP tags, allowing specified tags (e.g., strip_tags_allowed:<p>,<a>).
• alphanumeric: Removes all non-alphanumeric characters from a string.

Custom Rules

Custom rules can be used both globally (with Sanitizer::registerRule()) and within models that use the SanitizableTrait. The examples shown in the "Sanitizer Class Static Usage" section demonstrate how to define and use custom rules.

License

This package is open-sourced software licensed under the MIT license.