portavice/filesanitizer
Composer 安装命令:
composer require portavice/filesanitizer
包简介
A PHP library to sanitize file names and content to prevent security vulnerabilities.
README 文档
README
Pure PHP file sanitizer and scanner for uploaded files. It strips metadata where practical, rewrites selected file types into safer forms, and detects suspicious or malicious content such as XSS-style payloads, risky embedded markup, active PDF content, and dangerous archive entries.
Features
- Re-encodes supported image formats to remove metadata and ancillary chunks
- Sanitizes HTML and SVG using strict policy-based cleanup
- Scans PDFs for active content and applies best-effort cleanup
- Scans OOXML documents for risky content such as macros, ActiveX, and external relationships
- Recursively scans ZIP archives, including nested archives, with configurable safety limits
- Scans audio files for suspicious embedded payloads and removes metadata where practical
- Scans video files for suspicious embedded payloads and applies best-effort metadata cleanup
- Supports sanitize-always mode for best-effort cleaning even when risky content is detected
- Pure PHP implementation with no shell access, SSH, or external binaries required
Installation
composer require portavice/filesanitizer
For development and tests:
composer install
composer test
Quick start
<?php require __DIR__ . '/vendor/autoload.php'; use Portavice\FileSanitizer\FileSanitizer; $sanitizer = new FileSanitizer(); $result = $sanitizer->process(__DIR__ . '/upload.svg'); if (!$result['scan']->safe) { foreach ($result['scan']->issues as $issue) { echo $issue->code . ': ' . $issue->message . PHP_EOL; } exit(1); } echo 'Sanitized file written to: ' . $result['sanitize']->outputPath . PHP_EOL;
sanitizeAlways mode
When sanitizeAlways is enabled, FileSanitizer will attempt best-effort sanitization even if risky content is detected during scanning.
This is useful when you want to:
- always strip metadata where possible
- always rewrite supported files where possible
- keep findings for review without immediately rejecting the upload
<?php use Portavice\FileSanitizer\FileSanitizer; $sanitizer = new FileSanitizer(); $result = $sanitizer->process(__DIR__ . '/upload.pdf', null, true);
Best-effort sanitization does not guarantee a full structural rebuild for complex formats such as PDF, audio, or video containers.
Supported file types
FileSanitizer currently supports scanning and/or sanitizing the following file types.
- Images
- JPEG
- PNG
- GIF
- WebP
- Documents and markup
- HTML
- SVG
- TXT and text-like files
- DOCX
- XLSX
- PPTX
- Archives
- ZIP
- Nested ZIP archives
- Audio
- MP3
- WAV
- OGG
- FLAC
- M4A
- AAC
- Video
- MP4
- MOV
- WebM
- MKV
- AVI
How it works
FileSanitizer combines format-aware scanning with best-effort sanitization.
Scanning
The scanner looks for suspicious patterns and risky structures such as:
- inline JavaScript-style payloads
- dangerous HTML or SVG constructs
- active PDF actions
- suspicious archive paths and nested archive abuse
- risky embedded strings in audio and video containers
- macros, ActiveX, and external relationships in OOXML files
Sanitizing
Supported sanitizers attempt to reduce risk by:
- re-encoding images
- removing unsafe HTML and SVG elements and attributes
- stripping metadata where practical
- rewriting selected file formats into safer forms
- applying best-effort cleanup to complex containers
Archive scanning
ZIP scanning is recursive and designed to detect suspicious content without using shell extraction.
Current guards:
- maximum nesting depth: 3
- maximum scanned entries per archive: 1000
- maximum expanded bytes scanned: 25 MB
- suspicious path detection for entries such as
../evil.txtor absolute paths
HTML and SVG policy
HTML and SVG sanitization is policy-based and removes risky constructs instead of relying on simple tag stripping.
Highlights:
- removes
script,iframe,object,embed,form, and other disallowed elements - removes all
on*event handlers - removes
javascript:,vbscript:,file:, and unsafedata:URLs - removes hostile CSS such as
expression(),@import,url(),behavior:, and-moz-binding - removes SVG active content such as
script,foreignObject, animation elements, external media,image, anduse
Audio support
FileSanitizer includes best-effort support for common audio formats.
What it does
-
Detects suspicious embedded payloads such as:
<scriptjavascript:- inline event handler patterns like
onclick= <iframedata:text/html- embedded PHP tags
-
Removes metadata where practical:
- MP3: ID3v1 and ID3v2 tags
- WAV: selected metadata chunks such as
LIST,INFO, andID3 - OGG, FLAC, M4A, and AAC: conservative best-effort textual payload cleanup
Notes
Audio sanitization is best-effort and does not transcode or fully rebuild complex media containers. No shell tools, SSH access, or external binaries are required.
Video support
FileSanitizer includes best-effort support for common video containers.
What it does
-
Detects suspicious embedded payloads such as:
<scriptjavascript:- inline event handler patterns like
onload= <iframedata:text/html- embedded PHP tags
-
Applies conservative container cleanup where practical:
- MP4 and MOV: attempts to remove selected metadata atoms such as
udta,meta, andilst - AVI: removes selected metadata chunks such as
INFO,JUNK, andIDIT - WebM and MKV: applies conservative best-effort textual payload cleanup
- MP4 and MOV: attempts to remove selected metadata atoms such as
Notes
Video sanitization is best-effort and does not transcode or fully rebuild media containers. Without external tools such as FFmpeg, full structural video rewriting is intentionally out of scope.
Test coverage
Included PHPUnit coverage exercises:
- nested ZIP detection
- path traversal detection inside ZIPs
- HTML sanitization rules
- SVG sanitization rules
- PDF action detection
- audio metadata stripping
- video file scanning for embedded payloads and metadata stripping
Limitations
FileSanitizer is a pure PHP package focused on safe, practical, best-effort sanitization.
Important limitations
- PDF sanitization is a best-effort and not a full PDF rebuild
- OOXML files are scanned for risky content but are not fully rewritten
- audio sanitization removes metadata where practical but does not transcode files
- video sanitization is best-effort and does not perform full re-encoding or container rebuilding
- complex media formats may still require deeper inspection in high-security environments
portavice/filesanitizer 适用场景与选型建议
portavice/filesanitizer 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 175 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 04 月 20 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「PHP Library」 「file sanitization」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 portavice/filesanitizer 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 portavice/filesanitizer 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 portavice/filesanitizer 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Provide a way to secure accesses to all routes of an symfony application.
It's a barebone security class written on PHP
Inbox pattern process implementation for your Laravel Applications
Contao CMS integrity check for some files
Core library that defines common interfaces used by the rest of the intahwebz..
A PHP security linter to detect insecure functions like var_dump, print_r, and other dangerous functions in your codebase
统计信息
- 总下载量: 175
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 36
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2026-04-20