paragonie/ionizer

Powerful input value filtering for PHP applications

v1.0.3 2024-05-11 22:18 UTC

This package is auto-updated.

Last update: 2024-12-11 23:37:40 UTC


README

Build Status Latest Stable Version Latest Unstable Version License Downloads

Ionizer provides strict typing and input validation for dynamic inputs (i.e. HTTP request parameters). Requires PHP 7 or higher.

What is Ionizer?

Ionizer is a structured input filtering system ideal for HTTP form data.

Why is Ionizer important?

Aside from the benefits of being able to strictly type your applications that accept user input, Ionizer makes it easy to mitigate some NoSQL injection techniques.

Installing

Get Composer, then run the following:

composer require paragonie/ionizer

Usage

<?php

use ParagonIE\Ionizer\GeneralFilterContainer;
use ParagonIE\Ionizer\Filter\{
    StringFilter,
    AllowList
};

// Define properties to filter:
$ic = new GeneralFilterContainer();
$ic->addFilter(
        'username',
        (new StringFilter())->setPattern('^[A-Za-z0-9_\-]{3,24}$')
    )
    ->addFilter('passphrase', new StringFilter())
    ->addFilter(
        'domain',
        new AllowList('US-1', 'US-2', 'EU-1', 'EU-2')
    );

// Invoke the filter container on the array to get the filtered result:
try {
    // $post passed all of our filters.
    $post = $ic($_POST);
} catch (\TypeError $ex) {
    // Invalid data provided.
}

Ionizer can even specify structured input with some caveats.

<?php

use ParagonIE\Ionizer\GeneralFilterContainer;
use ParagonIE\Ionizer\Filter\{
    IntFilter,
    IntArrayFilter,
    StringArrayFilter,
    StringFilter
};

$ic = new GeneralFilterContainer();
    // You can type entire arrays at once:
$ic->addFilter('numbers', new IntArrayFilter())
    ->addFilter('strings', new StringArrayFilter())
    
    // You can also specify subkeys, separated by a period:
    ->addFilter('user.name', new StringFilter())
    ->addFilter('user.unixtime', new IntFilter());

$input = [
    'numbers' => [1, 2, 3],
    'strings' => ['a', 'b'],
    'user' => [
        'name' => 'test',
        'unixtime' => time()
    ]    
];

try {
    $valid = $ic($input);
} catch (\TypeError $ex) {
}

Support Contracts

If your company uses this library in their products or services, you may be interested in purchasing a support contract from Paragon Initiative Enterprises.