{"id":50795582,"url":"https://github.com/caltechlibrary/safer-php","last_synced_at":"2026-06-12T14:02:39.484Z","repository":{"id":111429289,"uuid":"77945178","full_name":"caltechlibrary/safer-php","owner":"caltechlibrary","description":"A tiny input vetting library for legacy PHP code","archived":false,"fork":false,"pushed_at":"2025-10-29T20:27:47.000Z","size":55,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-10-29T22:27:27.478Z","etag":null,"topics":["legacy-php","php","testing","tiny","vetting-library"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/caltechlibrary.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-01-03T19:10:45.000Z","updated_at":"2025-10-29T20:28:46.000Z","dependencies_parsed_at":null,"dependency_job_id":"b189667a-42bc-44b2-ac2f-8af53452b3a1","html_url":"https://github.com/caltechlibrary/safer-php","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/caltechlibrary/safer-php","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caltechlibrary%2Fsafer-php","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caltechlibrary%2Fsafer-php/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caltechlibrary%2Fsafer-php/releases","manifests_url":"h
ttps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caltechlibrary%2Fsafer-php/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/caltechlibrary","download_url":"https://codeload.github.com/caltechlibrary/safer-php/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caltechlibrary%2Fsafer-php/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34247461,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-12T02:00:06.859Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["legacy-php","php","testing","tiny","vetting-library"],"created_at":"2026-06-12T14:02:38.638Z","updated_at":"2026-06-12T14:02:39.477Z","avatar_url":"https://github.com/caltechlibrary.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"\nNOTE: This is a legacy project used when porting some legacy code. You should use it\nin new projects. PHP 8 and above have better solutions. RSD 2025-10-29\n\n# safer-php\n\nA tiny input vetting library for legacy PHP code.  
Also includes examples\nof adding minimal testing using saferclient.php to interact with a PHP\ndriven site.\n\n# Retrofitting legacy PHP projects\n\nA common problem in supporting legacy PHP is that old code may not do\nenough or appropriate validation, and this leads to potential injection\nproblems (XSS and SQL).  To mitigate this you need to do three things\n\n* At the start of the PHP file require safer.php\n* Before any other PHP code runs, call safer($_GET), safer($_POST), and safer($_SERVER) as needed.\n\nThis might look something like -\n\n```PHP\n\t\u003c?php\n\trequire(\"../safer-php/safer.php\");\n\t$get = safer($_GET);\n\t$post = safer($_POST);\n\t\n\t// the rest of the old code should now work safer.\n```\n\nIf you need to validate an uploaded filename you might do something like -\n\n```PHP\n    \u003c?php\n    require(\"../safer-php/safer.php\");\n    // Vet the upload record from the $_FILES assoc array before reading the filename;\n    // a field that fails vetting is set to false.\n    $upload = safer($_FILES['myupload']);\n    $safeFilename = $upload['name'];\n    if ($safeFilename === false) {\n        die('Not a valid filename.');\n    }\n```\n\n# Using in new projects\n\nWhen using safer in new projects you should provide an explicit validation\nmap.  This way the code will not be vulnerable to injected variables caused by\nunsafe use of extract.\n\nIn this example there are three supported parameters, id, search and callback,\nwhich are an Integer, Text and Varname respectively. Here's how you would\ndefine the validation map and then use it with your code.\n\n```PHP\n\t\u003c?php\n\n\t// Just some placeholder code to indicate that you've already established a MySQL connection\n\topenMySQLConnection();\n\n\trequire(\"/usr/local/apache2/htdocs/safer-php/safer.php\");\n\t\n\t// Make a validation map\n\t$validation_map = array(\n\t\t\"id\" =\u003e \"Integer\",\n\t\t\"search\" =\u003e \"Text\",\n\t\t\"callback\" =\u003e \"Varname\"\n\t);\n\t\n\t// extract the $_GET safer validated against $validation_map\n\t$myGET = safer($_GET, $validation_map);\n\n\t// Now you're ready to use them.  
If a field wasn't available it will be set to false\n\tif ($myGET[\"id\"] !== false) {\n\t\t// build your query safer\n\t\t$sql = \"SELECT name, email FROM contacts WHERE id = \" .\n\t\t\t$myGET[\"id\"];\n\t} else if ($myGET[\"search\"] !== false) {\n\t\t$sql = \"SELECT name, email FROM contacts WHERE (name LIKE \\\"\" .\n\t\t\t$myGET[\"search\"] . \"\\\" OR email LIKE \\\"\" . $myGET[\"search\"] . \"\\\")\";\n\t} else {\n\t\t// Neither vetted parameter was supplied, so there is no query to run.\n\t\tdie('Missing id or search parameter.');\n\t}\n\n\t// Process your SQL safer\n\t$qry = mysql_query($sql);\n\t$users = mysql_fetch_assoc($qry);\n\n\tif ($myGET[\"callback\"] !== false) {\n\t\t// Use the vetted Varname as the JSONP callback name\n\t\theader(\"Content-Type: application/javascript\");\n\t\techo $myGET[\"callback\"] . '(' . json_encode($users) . ')';\n\t} else {\n\t\theader(\"Content-Type: application/json\");\n\t\techo json_encode($users);\n\t}\n\t?\u003e\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaltechlibrary%2Fsafer-php","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcaltechlibrary%2Fsafer-php","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaltechlibrary%2Fsafer-php/lists"}