Inspekt is a PHP library that makes it easier to write secure web applications
OTHER License
Ben Edmunds benedmunds.com
Ed Finkler
Version 0.6.3 2022-02-21
Inspekt is a comprehensive filtering and validation library for PHP.
The best idea at the moment is to look at the Examples directory.
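<?php
// Composer autoloader, same path as in the other examples
require_once dirname(__FILE__) . "/../vendor/autoload.php";

use Inspekt\Inspekt;

/*
 * creates a cage for $_GET, $_POST, $_COOKIE, $_ENV, $_FILES, $_SERVER
 */
$superCage = Inspekt::makeSuperCage();

// each accessor reads the same $_SERVER value through a different filter
echo 'Digits:' . $superCage->server->getDigits('SERVER_SOFTWARE') . '<p/>';
echo 'Alpha:' . $superCage->server->getAlpha('SERVER_SOFTWARE') . '<p/>';
echo 'Alnum:' . $superCage->server->getAlnum('SERVER_SOFTWARE') . '<p/>';
// getRaw() applies no filtering
echo 'Raw:' . $superCage->server->getRaw('SERVER_SOFTWARE') . '<p/>';
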
<?php
/**
 * Demonstration of:
 * - use of static filter methods on arrays
 * - creating a cage on an arbitrary array
 * - accessing a deep key in a multidim array with the "Array Query" approach
 */
require_once dirname(__FILE__) . "/../vendor/autoload.php";

use Inspekt\Cage;

// sample input: markup, nested arrays and a deeply nested key
$d = array();
$d['input'] = '<img id="475">yes</img>';
$d['lowascii'] = ' ';
$d[] = array('foo', 'bar<br />', 'yes<P>', 1776);
$d['x']['woot'] = array(
    'booyah' => 'meet at the bar at 7:30 pm',
    'ultimate' => '<strong>hi there!</strong>',
);
$d['lemon'][][][][][][][][][][][][][][] = 'far';

// wrap the array in a cage; values are read through filter accessors from here on
$d_cage = Cage::Factory($d);

// "Array Query": a /-separated path addresses a deep key
var_dump($d_cage->getAlpha('/x/woot/ultimate'));
var_dump($d_cage->getAlpha('lemon/0/0/0/0/0/0/0/0/0/0/0/0/0'));

// a key that holds an array
$x = $d_cage->getAlpha('x');
var_dump($x);

// a key that holds a string containing markup
$x = $d_cage->getAlpha('input');
var_dump($x);

<?php
require_once dirname(__FILE__) . "/../vendor/autoload.php";
use Inspekt\Inspekt;
$rs = Inspekt::isUri('http://www.w3.org/2001/XMLSchema');
var_dump($rs);
Install PHPUnit, cd to the root dir of Inspekt, and type
phpunit tests/
AccessorAbstract
and registering with cage object
Inspekt_Cage::addAccessor()
and Inspekt_SuperCage::addAccessor()
Examples/extending.php
to demonstrate adding new accessor methods
HTMLPurifier
integration capability and new cage filter getPurifiedHTML()
Inspekt
in the standard Input object
Inspekt::isArrayObject()
and Inspekt::isArrayOrArrayObject()
public
__call()
to Inspekt_Cage so we can handle user-defined accessor methods
isUri()
(Nick Ramsay)
Integration_helpers
Inspekt/Cage/Session
in Cage.php
because it caused probs generating Cage test skeleton
Inspekt_Cage
test skeleton
GET
or POST
isOneOf
where a string pattern wasn't converted properly
getROT13, noTagsOrSpecial, escMySQL, escPgSQL, escPgSQLBytea
Inspekt::getROT13()
Inspekt::escMySQL()
Inspekt::escPgSQL()
Inspekt::escPgSQLBytea()
ArrayObjects
by cages; arrays passed into static filter calls are returned as arrays.
InspektTest.php
(removed Tests/ subdir)
Inspekt_SuperCage
to fix STRICT
notices
ArrayObject
(Matt McKeon)
Inspekt::useFilterExt()
'"&<>, and all low ascii chars (< 32)
Inspekt::_walkArray
will now convert a plain array into an ArrayObject (should it always? Not sure)
Inspekt::isArrayOrArrayObject()
to determine if
dirname()
resolution so fewer path issues pop up (they showed up when using phpunit)
PHP5 now required, bug fixes for transposed params
Disables processing of $_SESSION
Final OWASP milestone release
Initial Release