매뉴얼

Rhymix\Framework\Security

sanitize() #

public static function sanitize(
    string $input,
    string $type
): string

Sanitize a variable.

encrypt() #

public static function encrypt(
    string $plaintext,
    ?string $key = null
): string

Encrypt a string using AES.

decrypt() #

public static function decrypt(
    string $ciphertext,
    ?string $key = null
)

Decrypt a string using AES.

createSignature() #

public static function createSignature(string $string): string

Create a digital signature to verify the authenticity of a string.

verifySignature() #

public static function verifySignature(
    string $string,
    string $signature
): bool

Check whether a signature is valid.

getRandom() #

public static function getRandom(
    int $length = 32,
    string $format = 'alnum'
): string

Generate a cryptographically secure random string.

getRandomNumber() #

public static function getRandomNumber(
    int $min = 0,
    int $max = 9223372036854775807
): int

Generate a cryptographically secure random number between $min and $max.

getRandomUUID() #

public static function getRandomUUID(int $version = 4): string

Generate a random UUID. The code for UUIDv4 is based on https://stackoverflow.com/a/15875555/481206

compareStrings() #

public static function compareStrings(
    string $a,
    string $b
): bool

Compare two strings in constant time.

checkCSRF() #

public static function checkCSRF(?string $referer = null): bool

Check if the current request seems to be a CSRF attack. This method returns true if the request seems to be innocent, and false if it seems to be a CSRF attack.

checkXXE() #

public static function checkXXE(?string $xml = null): bool

Check if the current request seems to be an XXE (XML external entity) attack. This method returns true if the request seems to be innocent, and false if it seems to be an XXE attack. This is the opposite of XE's Security::detectingXEE() method. The name has also been changed to the more accurate acronym XXE.