PHPackages                             jakubboucek/safe-request - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [HTTP &amp; Networking](/categories/http)
4. /
5. jakubboucek/safe-request

Abandoned → [nette/http](/?search=nette%2Fhttp)ArchivedLibrary[HTTP &amp; Networking](/categories/http)

jakubboucek/safe-request
========================

Safe HTTP Request: extension of Nette Request object, but sanitized from known safety issues

v0.9.1(2y ago)14MITPHPPHP ^7.4 || ^8.0 || ^8.1 || ^8.2 || ^8.3

Since Nov 16Pushed 2y ago1 watchersCompare

[ Source](https://github.com/jakubboucek/safe-request)[ Packagist](https://packagist.org/packages/jakubboucek/safe-request)[ RSS](/packages/jakubboucek-safe-request/feed)WikiDiscussions master Synced today

READMEChangelogDependencies (2)Versions (3)Used By (0)

Safe HTTP Request
=================

[](#safe-http-request)

Safe HTTP Request: extension of [Nette Request object](https://doc.nette.org/cs/http/request), but sanitized from known safety issues.

Sanitized issues
----------------

[](#sanitized-issues)

1. Using [Nette `RequestFactory`](https://github.com/nette/http/blob/master/src/Http/RequestFactory.php) **can cause to leak user's Basic auth credentials**, because it by-default creating the [`Url` object](https://github.com/nette/http/blob/master/src/Http/Url.php) with that and used to create back-link URLs (issue [nette/http#215](https://github.com/nette/http/issues/215)). It's fixed at [PR#211](https://github.com/nette/http/pull/211), but not yet released (and probably fix it will be never available for PHP &lt; 8.0).
2. Call of [`Request->getReferer()`](https://github.com/nette/http/blob/v3.1.6/src/Http/Request.php#L233-L241)method can cause to crash App, because evil client can call request with invalid `Referer` header (issue [nette/http#215](https://github.com/nette/http/issues/215)). It's fixed at eb3f6d1980c0b2552a13f5eb944d37515072c998, but only with mark method as deprecated and not yet released (and probably fix it will be never available for PHP &lt; 8.0).
3. Call of [`Request->getRemoteHost()`](https://github.com/nette/http/blob/v3.1.6/src/Http/Request.php#L296-L306)method can cause to slow or stuck your App, because `Request` object is trying contact DNS server on every read of property (issue [nette/http#218](https://github.com/nette/http/issues/218)).

Package requires the [`nette/http`](https://packagist.org/packages/nette/http) package, it's not replacing it, just extending it.

Features
--------

[](#features)

- Removes sensitive data from `Request`-&gt;`Url` object.
- Fixes app crash on request with invalid Referer.
- Fixes performance issue with Remote Host.

Install
-------

[](#install)

```
composer require jakubboucek/safe-request
```

Usage
-----

[](#usage)

Instead:

```
$request = (new \Nette\Http\RequestFactory)->fromGlobals();
```

Use:

```
$request = (new \JakubBoucek\SafeRequest\SafeRequestFactory)->fromGlobals();
```

You can get Basic Auth User Credential with:

```
$user = $request->getUser();
$pass = $request->getPassword();
```

You can get `Url` with Basic Auth User Credential with:

```
$url = $request->getUrlWithUserCredential();
echo $url; // http://user:password@example.com/
```

Contributing
------------

[](#contributing)

Please don't hesitate send Issue or Pull Request.

Security
--------

[](#security)

If you discover any security related issues, please email  instead of using the issue tracker.

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE) for more information.

### Origin code licences

[](#origin-code-licences)

- [New BSD License](https://github.com/nette/latte/blob/master/license.md#new-bsd-license)
- [GNU General Public License](https://github.com/nette/latte/blob/master/license.md#gnu-general-public-license)

Copyright (c) 2004, 2014 David Grudl () All rights reserved. Please see [License File](https://github.com/nette/latte/blob/master/license.md) for more information.

###  Health Score

23

—

LowBetter than 26% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity5

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity53

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~483 days

Total

2

Last Release

843d ago

PHP version history (2 changes)v0.9.0PHP ^7.4 || ^8.0 || ^8.1 || ^8.2

v0.9.1PHP ^7.4 || ^8.0 || ^8.1 || ^8.2 || ^8.3

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/1657322?v=4)[Jakub Bouček](/maintainers/jakubboucek)[@jakubboucek](https://github.com/jakubboucek)

---

Top Contributors

[![jakubboucek](https://avatars.githubusercontent.com/u/1657322?v=4)](https://github.com/jakubboucek "jakubboucek (2 commits)")

### Embed Badge

![Health badge](/badges/jakubboucek-safe-request/health.svg)

```
[![Health](https://phpackages.com/badges/jakubboucek-safe-request/health.svg)](https://phpackages.com/packages/jakubboucek-safe-request)
```

###  Alternatives

[nette/routing

Nette Routing: two-ways URL conversion

26012.5M30](/packages/nette-routing)[contributte/api-router

RESTful Router for your Apis in Nette Framework - created either directly or via attributes

21812.1k3](/packages/contributte-api-router)[contributte/api

Powerful, documented, validated, built-in API to Nette Framework (@nette)

12684.5k](/packages/contributte-api)[kdyby/fake-session

FakeSession class for Nette Framework

10356.8k7](/packages/kdyby-fake-session)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
