Skip to content

Sanitize $_REQUEST, $_POST and $_GET before the processing of TYPO3 in backend or frontend starts. Take a look into the documentation how to add your own rules or see which one exist.

Notifications You must be signed in to change notification settings

BenjaminQuandt/typo3-mksanitizedparameters

This branch is 133 commits behind DMKEBUSINESSGMBH/typo3-mksanitizedparameters:12.4.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

cf52c41 · Jul 19, 2019
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

mksanitizedparameters

What does it do?

Sanitizes all parameters in $_GET and $_POST and in the frontend and backend. Every possible parameter can be configured separately. The configuration can be for a specific position in the parameter array or common for every possible position or even default for all parameters, which are not configured.

This way possible attacks like MySQL injections can be prevented even for parameters where attack potential was not suspected. So unclosed security holes are harder or even not at all exploited.

Taking care of the correct data type of a parameter is now done in one single place. You don't need to call intval() for numeric parameters every time you use them (e.g. in a MySQL query). You can use them safe and directly without any further action at any place you want. You just have to provide the correct rule/configuration to be sure your code is not vulnerable to MySQL injections etc.

The sanitizing itself is done through the filter function of PHP. So you can take full advantage of it's features and provide even custom filters.

Features

The extension has 3 modes which can be configured through extension configuration:

  • stealth mode: simulate the sanitizing and log all theoretical actions. you also need to set a page id where the logs are written to.
  • log mode: every parameter which is sanitized (has changed) will be logged at warn level. This way you can investigate what happened. Either it was an attack attempt or the rules have to be adjusted.
  • debug mode: useful during development. every parameter which is sanitized (has changed) will be reported on the screen through a debug message.

Rules

Own rules for sanitizing a parameter can be registered easily. see rules

UsersManual

Rules

ChangeLog

About

Sanitize $_REQUEST, $_POST and $_GET before the processing of TYPO3 in backend or frontend starts. Take a look into the documentation how to add your own rules or see which one exist.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • PHP 100.0%