Sanitor (PHP input filtering/sanitization improvement)

B Roeser

Feb 5, 2016, 10:07:23 AM
to thephpleague
Hi there,

I stumbled upon the League of Extraordinary Packages today and found it very interesting.

I'd like to present one of my own packages, which might be of interest to you.

It is called Sanitor and is basically an enhancement over the built-in filter_input(), filter_var() and filter_has_var()-methods of PHP's filter extension:


It works with PHP 5.4, 5.5, 5.6 and 7.0 (according to Travis CI, I have sadly only tested it in a live project on 5.6).

I strived for great code quality, so I have thoroughly tested the package with 100% code coverage.
It has a GitHub page and a README (same content) that should (hopefully) explain the package in more detail.

The package conforms to rules 4-10 of the league.
I currently don't totally follow PSR-2 – my opening curly braces of functions and classes are on the same line – but as far as I can remember, that's the only PSR-2 violation. Obviously this could easily be fixed.

Do you think the package is interesting and would be a good addition for the league?
If yes, I could easily adapt it to PSR-2, change the namespace etc.

If not, that's fine too, I'd like to hear your thoughts and feedback.

Yours,
Benedict

Woody Gilk

Feb 29, 2016, 11:33:01 AM
to B Roeser, thephpleague
I guess my first reaction would be "why doesn't this use PSR-2"?

A couple of the thrown exceptions might be better as InvalidArgumentException.

Other than that, the package looks pretty good. I'm not really sure it meets the criteria for _why_ it should be included in League, since there are any number of other packages that do similar things.

--
You received this message because you are subscribed to the Google Groups "thephpleague" group.
To unsubscribe from this group and stop receiving emails from it, send an email to thephpleague...@googlegroups.com.
To post to this group, send email to thephp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/thephpleague/b115a651-e8e0-4f71-ac58-db6f38857a24%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Ben Corlett

Feb 29, 2016, 5:12:08 PM
to Woody Gilk, B Roeser, thephpleague
Hi Benedict,

Good work on building this package!

So, as Woody put to you, why this package over another?

Further, the session/request filtering, I’m thinking now for the purposes of avoiding those superglobals, would it be better to inject a Symfony Request object in? At least that way you could inject `Request::createFromGlobals()` as a dependency…

Don’t let the scrutiny you’ll receive make you think we don’t _like_ your package; we need to perform this due diligence to ensure that we keep close to our core focus as a group.

Woody Gilk

Feb 29, 2016, 7:08:58 PM
to Ben Corlett, B Roeser, thephpleague

On Mon, Feb 29, 2016 at 4:11 PM, Ben Corlett <he...@webcomm.io> wrote:
> Symfony Request object

Does everyone in the world use Symfony Request?

Ben Corlett

Feb 29, 2016, 7:10:39 PM
to Woody Gilk, B Roeser, thephpleague
Not at all, it’s a pretty good alternative to superglobals however…

Hari K T

Feb 29, 2016, 11:31:14 PM
to thephpleague
> Not at all, it’s a pretty good alternative to superglobals however…

The good idea will be to pass the globals to construct. So no one needs to worry about whether it is $_SERVER or anything. So it can also be taken from $request->toArray() (don't recall if there was a toArray in Symfony, but there is something I guess).

Ben Corlett

Feb 29, 2016, 11:58:59 PM
to Hari K T, thephpleague
Yeah I considered recommending that however it makes for a horribly ugly constructor. 

Ben Corlett
Director

Sent from my iPhone

Please excuse my brevity

On 1 Mar 2016, at 3:31 PM, Hari K T <ktha...@gmail.com> wrote:


>> Not at all, it’s a pretty good alternative to superglobals however…
>
> The good idea will be to pass the globals to construct. So no one needs to worry about whether it is $_SERVER or anything. So it can also be taken from $request->toArray() (don't recall if there was a toArray in Symfony, but there is something I guess).


B Roeser

Mar 1, 2016, 1:52:47 AM
to thephpleague, b-ro...@gmx.net
Hi Woody,


On Monday, February 29, 2016 at 5:33:01 PM UTC+1, Woody Gilk wrote:
> I guess my first reaction would be "why doesn't this use PSR-2"?

There is no technical reason.
I personally prefer a slightly different style of putting my braces, and as the project started out as a personal little helper tool I used that style and stuck to it.
However as I said, I could easily change it, if it's a problem.

> A couple of the thrown exceptions might be better as InvalidArgumentException.

Yes, that's true.
 

> Other than that, the package looks pretty good. I'm not really sure it meets the criteria for _why_ it should be included in League, since there are any number of other packages that do similar things.

It's true that every framework and some other packages implement proper input sanitization.
IF someone ever needs a tool that does only input sanitization and does it well, I'd suggest my package. ;)

Yours,
Benedict

B Roeser

Mar 1, 2016, 2:01:52 AM
to thephpleague, woody...@gmail.com, b-ro...@gmx.net
Hi Ben,


On Monday, February 29, 2016 at 11:12:08 PM UTC+1, Ben Corlett wrote:
> Hi Benedict,
>
> Good work on building this package!
>
> So, as Woody put to you, why this package over another?

Thank you!
See my answer to Woody.
 

> Further, the session/request filtering, I’m thinking now for the purposes of avoiding those superglobals, would it be better to inject a Symfony Request object in? At least that way you could inject `Request::createFromGlobals()` as a dependency…

The package currently has NO dependencies except for PHP >=5.4 and I'd like to keep it that way. It would be possible though to add a bridge for using a Symfony Request object with Sanitor, however in that case it is probably easier and saner to just use Symfony directly.
I think my usage of superglobals in this context is okay.
 

> Don’t let the scrutiny you’ll receive make you think we don’t _like_ your package; we need to perform this due diligence to ensure that we keep close to our core focus as a group.
 
That's ok. :)
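
Added example, not part of any post in this thread and not Sanitor's code: the constructor-injection approach suggested above, with no dependency beyond PHP's filter extension. `InputFilter` and its method names are hypothetical. Unlike `filter_input()`, which reads the request data PHP received and ignores later changes to `$_GET`, a class built this way can be exercised with a plain array.

```php
<?php
// Added illustration: InputFilter and its methods are hypothetical names,
// not Sanitor's API. Only filter_var() and its constants are PHP built-ins.
final class InputFilter
{
    private $source;
    // Production: new InputFilter($_GET). Tests: any plain array.
    public function __construct(array $source)
    {
        $this->source = $source;
    }

    // Scalar lookup; arrays such as ?page[]=1 are treated as absent.
    private function raw($name)
    {
        if (!array_key_exists($name, $this->source) || !is_scalar($this->source[$name])) {
            return null;
        }
        return (string) $this->source[$name];
    }

    // Integer within [$min, $max], otherwise $default.
    public function intInRange($name, $min, $max, $default = null)
    {
        $value = filter_var($this->raw($name), FILTER_VALIDATE_INT, [
            'options' => ['min_range' => $min, 'max_range' => $max],
        ]);
        return $value === false ? $default : $value;
    }

    // Syntactically valid e-mail address, otherwise $default.
    public function email($name, $default = null)
    {
        $value = filter_var($this->raw($name), FILTER_VALIDATE_EMAIL);
        return $value === false ? $default : $value;
    }
}

// Constructed sample input standing in for $_GET.
$query = new InputFilter([
    'page'  => '3',
    'limit' => '5000',
    'ids'   => ['1', '2'],
    'mail'  => 'user@example.com',
]);
var_dump($query->intInRange('page', 1, 100));
var_dump($query->intInRange('limit', 1, 100, 20));
var_dump($query->intInRange('ids', 1, 100));
var_dump($query->email('mail'));
```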