Download the PHP package dmk/mksanitizedparameters without Composer
On this page you can find all versions of the php package dmk/mksanitizedparameters. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download dmk/mksanitizedparameters
More information about dmk/mksanitizedparameters
Files in dmk/mksanitizedparameters
Package mksanitizedparameters
Short Description Sanitize $_REQUEST, $_POST and $_GET before the processing of TYPO3 in backend or frontend starts. Take a look into the documentation how to add your own rules or see which one exist.
License GPL-2.0-or-later
Homepage http://www.dmk-ebusiness.de/
Informations about the package mksanitizedparameters
MK Sanitized Parameters
What does it do?
Sanitizes all parameters in $_GET
, $_POST
and ServerRequestInterface $request
for frontend and backend.
Every possible parameter can be configured separately.
The configuration can be for a specific position in the parameter array
or common for every possible position or even default for all parameters, which are not configured.
This way possible attacks like MySQL injections can be prevented even for parameters where attack potential was not suspected. So unclosed security holes are harder or even not at all exploited.
Taking care of the correct data type of a parameter is now done in one single place. You don't need to call intval() for numeric parameters every time you use them (e.g. in a MySQL query). You can use them safe and directly without any further action at any place you want. You just have to provide the correct rule/configuration to be sure your code is not vulnerable to MySQL injections etc.
The sanitizing itself is done through the filter function of PHP. So you can take full advantage of it's features and provide even custom filters.
Features
The extension has 3 modes which can be configured through extension configuration:
- stealth mode: simulate the sanitizing and log all theoretical actions. you also need to set a page id where the logs are written to.
- log mode: every parameter which is sanitized (has changed) will be logged at warn level. This way you can investigate what happened. Either it was an attack attempt or the rules have to be adjusted.
- debug mode: useful during development. every parameter which is sanitized (has changed) will be reported on the screen through a debug message.
Rules
Own rules for sanitizing a parameter can be registered easily. see rules
UsersManual
Rules
ChangeLog