README

Safe HTTP Request: extension of Nette Request object, but sanitized from known safety issues.

Sanitized issues

Using Nette RequestFactory can cause to leak user's Basic auth credentials, because it by-default creating the Url object with that and used to create back-link URLs (issue nette/http#215). It's fixed at PR#211, but not yet released (and probably fix it will be never available for PHP < 8.0).
Call of Request->getReferer() method can cause to crash App, because evil client can call request with invalid Referer header (issue nette/http#215). It's fixed at eb3f6d1980c0b2552a13f5eb944d37515072c998, but only with mark method as deprecated and not yet released (and probably fix it will be never available for PHP < 8.0).
Call of Request->getRemoteHost() method can cause to slow or stuck your App, because Request object is trying contact DNS server on every read of property (issue nette/http#218).

Package requires the nette/http package, it's not replacing it, just extending it.

composer require jakubboucek/safe-request

Instead:

$request = (new \Nette\Http\RequestFactory)->fromGlobals();

Use:

$request = (new \JakubBoucek\SafeRequest\SafeRequestFactory)->fromGlobals();

You can get Basic Auth User Credential with:

$user = $request->getUser();
$pass = $request->getPassword();

You can get Url with Basic Auth User Credential with:

$url = $request->getUrlWithUserCredential();
echo $url; // http://user:password@example.com/

Please don't hesitate send Issue or Pull Request.

If you discover any security related issues, please email pan@jakubboucek.cz instead of using the issue tracker.

The MIT License (MIT). Please see License File for more information.