Security Helper

The Security Helper provides utility functions to sanitize user input, filenames, and handle CSRF tokens in LavaLust applications. These helpers improve security by filtering input, preventing malicious filenames, and protecting forms against CSRF attacks.

Note

These helper functions rely on PHP’s built-in filtering and LavaLust’s internal Security class. Always ensure user input is properly validated and sanitized when using these helpers.

Function Summary

Function

Description

filter_io()

Sanitizes and filters a variable according to its type.

sanitize_filename()

Sanitizes filenames to prevent unsafe characters.

csrf_field()

Outputs a hidden input field containing the CSRF token for forms.

Available Functions

filter_io($type, $var)

Filters a variable based on the specified type.

Parameters:

  • $type (string) – The type of filter to apply (string, int, float, url, email).

  • $var (mixed) – The variable to filter.

Returns:

mixed — The filtered value.

Example:

<?php
$email = filter_io('email', 'user@example.com');
$id    = filter_io('int', '123abc'); // returns 123
sanitize_filename($filename)

Sanitizes a filename to remove unsafe or special characters.

Parameters:

  • $filename (string) – The filename to sanitize.

Returns:

string — A sanitized version of the filename safe for storage or upload.

Example:

<?php
$safe_name = sanitize_filename('my file<>.txt');
echo $safe_name; // Output: my_file.txt
csrf_field()

Outputs a hidden input field containing the CSRF token to protect HTML forms against CSRF attacks.

Returns:

void — Directly echoes the HTML input field.

Example:

<?php
echo '<form method="post" action="/submit">';
csrf_field();
echo '<input type="submit" value="Submit">';
echo '</form>';

Additional Notes

  • filter_io() uses PHP’s filter_var() for sanitization.

  • sanitize_filename() leverages LavaLust’s internal security class to ensure safe filenames.

  • csrf_field() automatically generates a token and echoes a hidden input field; include it in every POST form for CSRF protection.

  • Use these helpers consistently to enhance application security and prevent common attacks.