{"id":28754235,"url":"https://github.com/zeroasterisk/input-cakephp-plugin","last_synced_at":"2025-08-30T06:43:32.956Z","repository":{"id":21677993,"uuid":"24999174","full_name":"zeroasterisk/Input-CakePHP-Plugin","owner":"zeroasterisk","description":"Input access, sanitization, security layer to simplify CakeRequest access","archived":false,"fork":false,"pushed_at":"2014-11-09T04:18:17.000Z","size":215,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-17T01:08:03.670Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zeroasterisk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-10-09T16:53:17.000Z","updated_at":"2019-05-02T15:04:19.000Z","dependencies_parsed_at":"2022-08-17T16:11:38.861Z","dependency_job_id":null,"html_url":"https://github.com/zeroasterisk/Input-CakePHP-Plugin","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zeroasterisk/Input-CakePHP-Plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeroasterisk%2FInput-CakePHP-Plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeroasterisk%2FInput-CakePHP-Plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeroasterisk%2FInput-CakePHP-Plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeroasterisk%2FInput-CakePHP-Plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zeroaster
isk","download_url":"https://codeload.github.com/zeroasterisk/Input-CakePHP-Plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeroasterisk%2FInput-CakePHP-Plugin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272815816,"owners_count":24997661,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-30T02:00:09.474Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-17T01:08:01.126Z","updated_at":"2025-08-30T06:43:32.916Z","avatar_url":"https://github.com/zeroasterisk.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Input CakePHP Plugin\n\nInput access helper and sanitization.\n\n## Install\n\n    cd app\n    git clone https://github.com/zeroasterisk/Input-CakePHP-Plugin.git Plugin/Input\n    echo \"CakePlugin::load('Input', array('bootstrap' =\u003e false, 'routes' =\u003e false));\" \u003e\u003e Config/bootstrap.php\n\n## Configure: Global\n\nConfiguration is \"settable\" in app/Config/Input.php.\n\nA default version is ready for you, and you can put it in place with:\n\n    cp app/Plugin/Input/Config/Input.default.php app/Config/Input.php\n\nIf you don't have `Configure::read('Input')` defined, we will use our own,\ninternal default configuration.\n\n    fields:\n      *.email = 'email'   
FILTER_SANITIZE_EMAIL   \u0026 strip_tags\n      *.url   = 'url'     FILTER_SANITIZE_URL     \u0026 strip_tags\n      *       = 'string'  FILTER_SANITIZE_STRING  \u0026 strip_tags\n\nSee Input.sanitizationKeyMap under Configuration for all options.\n\n## Configure: On the Component\n\nYou can set configuration per controller when you initialize the Component:\n\n    $components = array(\n      'Input.Input' =\u003e array(\n        'settings' =\u003e array(\n          'fields' =\u003e array(\n            'Post.body' =\u003e 'anything',\n          ),\n          'sanitizationKeyMap' =\u003e array(\n            'anything' =\u003e array(\n              'filter' =\u003e false,\n              'xss' =\u003e true,\n            ),\n            'custom' =\u003e array(\n              'strip_tags' =\u003e true,\n              'filter' =\u003e FILTER_SANITIZE_STRING,\n              'filterOptions' =\u003e FILTER_FLAG_ENCODE_LOW | FILTER_FLAG_ENCODE_HIGH | FILTER_FLAG_ENCODE_AMP,\n              'preg_replace' =\u003e ['/(bad|word|list|here)/i'],\n              'tokenize' =\u003e ['emailInArrows', '#\u003c/?(allow|special|tags|via|regex)\u003e#'],\n              'xss' =\u003e false,\n            ),\n          ),\n        ),\n      ),\n    );\n\n## Configuration\n\n### Input.fields\n\nThe list is evaluated \"top down\":\nthe first matching key wins (only its rule will be applied).\nIf no Input.fields key matches, nothing is done.\n\n**Keys:** A flattened data key, matched as a whole string, or a pattern as matched by\n[fnmatch()](http://php.net/manual/en/function.fnmatch.php)\nor as matched by\n[preg\\_match()](http://php.net/manual/en/function.preg_match.php)\n\nExample Keys:\n\n* `User.email`\n* `*.body`\n* `Post.*`\n* `#User\\.email#`\n* `/Comment.*\\.subject$/`\n* `/.*\\.body$/`\n\n**Values:** A \"config key\" to tell us what type of sanitization to run.\n\nSee Input.sanitizationKeyMap.\n\n**default Input.fields:**\n\n\t\t\t'fields' =\u003e [\n\t\t\t\t'/.*\\.email$/' =\u003e 
'email',\n\t\t\t\t'/.*\\.url$/'   =\u003e 'url',\n\t\t\t\t'*' =\u003e 'string'\n\t\t\t],\n\n### Input.sanitizationKeyMap\n\n**Sanitization Keys**\n\n    email:    FILTER_SANITIZE_EMAIL   \u0026 strip_tags\n    url:      FILTER_SANITIZE_URL     \u0026 strip_tags\n    string:   FILTER_SANITIZE_STRING  \u0026 strip_tags\n    html:     FILTER_UNSAFE_RAW with FILTER_FLAG_NO_ENCODE_QUOTES | FILTER_FLAG_STRIP_HIGH\n              (html allowed, xss checking done)\n    blacklist: Simple preg_replace done to strip blacklisted terms\n              (html allowed, xss checking done)\n              ['/(bad|word|list|here)/i', '/^lorem.*$/i']\n    anything: (no filter, no xss check)\n\nYou can add your own sanitization keys: just add a new key and set up whatever\nconfig you want as its value.\n\n**Config for Sanitization Keys**\n\n    strip_tags = true or string $allowable_tags\n      http://php.net/manual/en/function.strip-tags.php\n    filter = constant or null\n      FILTER_* filters for Sanitize\n      http://php.net/manual/en/filter.filters.sanitize.php\n    filterOptions = constant or array or null\n      FILTER_* flags for Sanitize joined via bitwise operators\n      or an associative array of options for the filter_var() function\n      http://php.net/manual/en/filter.filters.flags.php\n    preg_replace = array or string\n      if specified, we will do a preg_replace($patterns, '', $value)\n    tokenize = array or string\n      if specified, we will allow all matching patterns, bypassing cleaning\n      note: even though we bypass cleaning, we still check for XSS (if checking)\n    xss = bool [true]\n      if true, we look to see if we can detect any known XSS attack and if so,\n      we throw an UnsafeInputException\n\nNOTE:\n* if you need to allow HTML with style and javascript and the like, skip XSS\n * then specify: `['filter' =\u003e false, 'xss' =\u003e false]`\n* if you want to allow HTML and still do XSS checking\n * then specify: `['filter' =\u003e 
false, 'xss' =\u003e true]`\n\n### Input.patternsXSS\n\nXSS Checking\n\n* for key: `email`, `url`, `string` - all HTML is stripped, so it shouldn't matter.\n* for key: `anything` - we do not check for XSS *(look out!)*\n* for key: `html`, `blacklist` - we will throw an UnsafeInputException for:\n * javascript, java, vbscript, etc. (anywhere in the text)\n * style attributes (which are often exploits)\n * etc.\n\n### Input.tokenizations\n\nA list of \"known\" tokens which can easily be re-used.\n\nThere is currently only 1 prebuilt tokenization _(want to recommend more?)_:\n\n* `emailInArrows`\n * this matches strings such as `\u003cemail@example.com\u003e` which would normally be\n   stripped via `strip_tags()`\n\nWhen you configure sanitizationKeyMap you can specify `tokenize` as an array\n(or single string).  By default we include `emailInArrows` for all keys.\n\nYou can pass in none or false to disable.\n\nYou can pass in whatever extra patterns you want, to skip cleaning.\n\nYou can also configure more `tokenizations` and then pass in the key,\nwhich will be mapped to the actual pattern at runtime.\n\n## Usage: Access Input\n\nIn CakePHP, request information can live in a lot of places.\n\nBefore CakePHP 3, named params (passed args) were the norm, but CakePHP is now moving to query strings.\n\nSometimes routes put things in params, sometimes in named params.\n\nUse this lookup helper to find a key, or return the default:\n\n    $value = $this-\u003eInput-\u003eget($name, $default=false);\n\n    $id = $this-\u003eInput-\u003eget('id');\n\nThis will look in the following paths and return the first *set* value:\n\n    $this-\u003erequest-\u003eparams['id']\n    $this-\u003erequest-\u003enamed['id']\n    $this-\u003erequest-\u003equery['id']\n    $this-\u003erequest-\u003edata['id']\n\nLikewise, we can use this with a default value too (without a default, we\ndefault to `false`):\n\n    $type = $this-\u003eInput-\u003eget('type', 'default-type');\n\n\n## Usage: Secure/Sanitize 
Input\n\n* TODO\n\n(build data sanitization, which is configurable...\nwe want to defeat security scanners, XSS scripts, spammers, and hackers alike)\n\n## Usage: Secure/Sanitize Input - Custom CleanData Lib\n\n(optional)\n\nYou may create your own `app/Lib/CleanData.php` and expose an `all()` method on\nit... We pass in `$this-\u003erequest-\u003edata` as the first argument.\n\n    // app/Lib/CleanData.php\n    $data = CleanData::all($data);\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzeroasterisk%2Finput-cakephp-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzeroasterisk%2Finput-cakephp-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzeroasterisk%2Finput-cakephp-plugin/lists"}