distilleries/security
=====================

Security Middleware and Helper

v12.0.0(1y ago)214.4k↓28.9%21MITPHPPHP >=7.1.3CI failing

[Source](https://github.com/Distilleries/Security) | [Packagist](https://packagist.org/packages/distilleries/security)

Security
========

This package sanitizes incoming data through a middleware, or it can be used standalone to sanitize strings.

Table of contents
-----------------


1. [Require](#require)
2. [Installation](#installation)

Require
-------

1. PHP 7.1.3 or later

Installation
------------

Add to your composer.json:

```
    "require": {
        "distilleries/security": "1.*"
    }
```

Run `composer update`.

Publish the configuration:

```
php artisan vendor:publish --provider="Distilleries\Security\SecurityServiceProvider"

```

Configurations
--------------


```
    return [
       'xss_enable'=> env('SECURITY_XSS_ENABLE',true),
       'html_purifier'=> env('SECURITY_HTML_PURIFIER_ENABLE',true)
    ];
```

| Field | Usage |
| --- | --- |
| xss_enable | Enable Xss Clean on Middleware |
| html_purifier | Enable Html purifier on Middleware |

Add the Middleware on the kernel file.

```
    protected $middleware = [
        \Distilleries\Security\Http\Middleware\XSS::class
    ];
```

Standalone usage
----------------

You can use the `Security` class to sanitize data directly.

### Sanitize string

```
    $xss = new \Distilleries\Security\Helpers\Security();
    $xss->xss_clean('Click to alert');
```

> Should return Click to alert

### Entity decode

This function is a replacement for `html_entity_decode()`.

The reason we are not using `html_entity_decode()` by itself is that, while it is not technically correct to leave out the semicolon at the end of an entity, most browsers will still interpret the entity correctly. `html_entity_decode()` does not convert entities without semicolons, so we are left with our own little solution here. Bummer.

```
    $xss = new \Distilleries\Security\Helpers\Security();
    // The argument is an entity-encoded string; it must be quoted as a PHP string literal.
    $xss->entity_decode("&lt;a href=&quot;javascript:alert('test')&quot;&gt;Test&lt;/a&gt;");
```

> Should return Test
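
The semicolon gap described above, as an added example that is not code from this package: a scheme check run after plain `html_entity_decode()` is compared with the same check run after a decoder that also accepts numeric entities missing their `;`. `decodeLoose()` and `hasScriptScheme()` are hypothetical helpers and the sample values are constructed.

```php
<?php
// Added example; decodeLoose() and hasScriptScheme() are hypothetical helpers,
// not functions of distilleries/security.

/** Decode entities as a browser would, including numeric ones missing ';'. */
function decodeLoose(string $s): string
{
    // Add the missing ';' so html_entity_decode() accepts the entity.
    // Possessive quantifiers (++) keep an already-terminated entity intact.
    $fixed = preg_replace('/&#(x[0-9a-f]++|[0-9]++)(?!;)/i', '&#$1;', $s);
    return html_entity_decode($fixed, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** True when the value starts with a javascript: scheme once whitespace
 *  and control characters are dropped. */
function hasScriptScheme(string $url): bool
{
    $compact = preg_replace('/[\x00-\x20]+/', '', $url);
    return stripos($compact, 'javascript:') === 0;
}

// Constructed sample href values.
$samples = [
    'https://example.com/?a=1&amp;b=2',
    '&#106;avascript:alert(1)',   // well-formed numeric entity
    '&#106avascript:alert(1)',    // same entity with the semicolon omitted
    '&#x6A;avascript:alert(1)',   // hexadecimal form
];

foreach ($samples as $href) {
    // Check after the built-in decoder only.
    $strict = hasScriptScheme(html_entity_decode($href, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
    // Check after the decoder that tolerates a missing semicolon.
    $loose = hasScriptScheme(decodeLoose($href));
    printf("%-36s strict=%-5s loose=%s\n",
        $href, var_export($strict, true), var_export($loose, true));
}
```

Any row where the two columns disagree is a value that a check built on `html_entity_decode()` alone would pass while a browser would still resolve it to a script URL.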

### Sanitize file path

```
    $xss = new \Distilleries\Security\Helpers\Security();
    // Second argument true: relative paths are allowed, so "./" is kept and "../" is removed.
    $xss->sanitize_filename('./../test.jpg',true);
```

> Should display ./test.jpg instead of ./../test.jpg. The last parameter allows or disallows relative paths.

```
    $xss = new \Distilleries\Security\Helpers\Security();
    // Second argument false: relative path components are removed as well.
    $xss->sanitize_filename('./../test.jpg',false);
```

> Should display test.jpg instead of ./../test.jpg.


###  Release Activity

Cadence

Every ~183 days

Recently: every ~273 days

Total

13

Last Release

439d ago

Major Versions

v1.5.0 → v10.0.1 (2023-05-26)

V10.0.0 → v11.0.0 (2024-05-28)

v11.0.0 → v12.0.0 (2025-03-05)

### Community

Maintainers: [Kezho](/maintainers/Kezho)

Top Contributors: [mfrancoisbbs](https://github.com/mfrancoisbbs) (17 commits), [mfrancois](https://github.com/mfrancois) (8 commits), [mikaelpopowicz](https://github.com/mikaelpopowicz) (8 commits), [scrutinizer-auto-fixer](https://github.com/scrutinizer-auto-fixer) (3 commits), [crezra](https://github.com/crezra) (1 commits)

Tags: framework, laravel, security, admin, distilleries

###  Code Quality

Tests: PHPUnit

