paragonie / ionizer
Powerful input value filtering for PHP applications
Requires
- php: ^7|^8
- ext-json: *
- paragonie/constant_time_encoding: ^2.1|^3
Requires (Dev)
- phpunit/phpunit: ^6.5|^7|^8|^9
- vimeo/psalm: ^1|^2|^3|^4
README
Ionizer provides strict typing and input validation for dynamic inputs (i.e. HTTP request parameters). Requires PHP 7 or higher.
What is Ionizer?
Ionizer is a structured input filtering system ideal for HTTP form data.
Why is Ionizer important?
Aside from the benefits of being able to strictly type your applications that accept user input, Ionizer makes it easy to mitigate some NoSQL injection techniques.
Installing
Get Composer, then run the following:
composer require paragonie/ionizer
Usage
<?php
use ParagonIE\Ionizer\GeneralFilterContainer;
use ParagonIE\Ionizer\Filter\{
    StringFilter,
    AllowList
};

// Define properties to filter:
$ic = new GeneralFilterContainer();
$ic->addFilter(
        'username',
        (new StringFilter())->setPattern('^[A-Za-z0-9_\-]{3,24}$')
    )
    ->addFilter('passphrase', new StringFilter())
    ->addFilter(
        'domain',
        new AllowList('US-1', 'US-2', 'EU-1', 'EU-2')
    );

// Invoke the filter container on the array to get the filtered result:
try {
    // $post passed all of our filters.
    $post = $ic($_POST);
} catch (\TypeError $ex) {
    // Invalid data provided.
}
Ionizer can even specify structured input with some caveats.
<?php
use ParagonIE\Ionizer\GeneralFilterContainer;
use ParagonIE\Ionizer\Filter\{
    IntFilter,
    IntArrayFilter,
    StringArrayFilter,
    StringFilter
};

$ic = new GeneralFilterContainer();

// You can type entire arrays at once:
$ic->addFilter('numbers', new IntArrayFilter())
    ->addFilter('strings', new StringArrayFilter())

// You can also specify subkeys, separated by a period:
    ->addFilter('user.name', new StringFilter())
    ->addFilter('user.unixtime', new IntFilter());

$input = [
    'numbers' => [1, 2, 3],
    'strings' => ['a', 'b'],
    'user' => [
        'name' => 'test',
        'unixtime' => time()
    ]
];

try {
    $valid = $ic($input);
} catch (\TypeError $ex) {
}
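The NoSQL injection mitigation mentioned under "Why is Ionizer important?", as an added example that is not part of the Ionizer README or project code: a field declared with StringFilter cannot arrive as an array, so operator-shaped request parameters are stopped before any query is built. The helper name filterLogin, the sample inputs, and the vendor/autoload.php path are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: Ionizer was installed with Composer in this directory.
require __DIR__ . '/vendor/autoload.php';

use ParagonIE\Ionizer\GeneralFilterContainer;
use ParagonIE\Ionizer\Filter\StringFilter;

/**
 * Hypothetical helper: returns the typed login fields, or null when the
 * request does not match the declared shape.
 */
function filterLogin(array $request): ?array
{
    $ic = new GeneralFilterContainer();
    $ic->addFilter(
            'username',
            (new StringFilter())->setPattern('^[A-Za-z0-9_\-]{3,24}$')
        )
        ->addFilter('passphrase', new StringFilter());

    try {
        return $ic($request);
    } catch (\TypeError $ex) {
        // Record the reason server-side and stop; the raw input is discarded.
        error_log('Rejected login input: ' . $ex->getMessage());
        return null;
    }
}

// Constructed inputs. The second is what PHP builds from a form body such as
// username[$ne]=&passphrase[$ne]= : each field arrives as an array, which a
// document database driver would read as a query operator, not as a value.
$samples = [
    'plain strings'  => ['username' => 'alice_01', 'passphrase' => 'correct horse'],
    'operator array' => ['username' => ['$ne' => ''], 'passphrase' => ['$ne' => '']],
    'short username' => ['username' => 'a', 'passphrase' => 'x'],
];

foreach ($samples as $label => $request) {
    $clean = filterLogin($request);
    printf("%-15s => %s\n", $label, $clean === null ? 'rejected' : 'accepted');
    // Only $clean (never $request) should reach a query filter such as
    // ['username' => $clean['username']].
}
```

Filtering types at the boundary does not replace password verification or parameterized queries; it removes the case where a scalar field is silently replaced by a nested structure.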
Support Contracts
If your company uses this library in their products or services, you may be interested in purchasing a support contract from Paragon Initiative Enterprises.