zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-03-31 06:03:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
27234fb79037d1246d3a1c2b28cff22a77331ae5
everything-claude-code/.cursor/rules/php-security.md
Affaan Mustafa ed366bddbb feat: add php rule pack
2026-03-10 21:10:26 -07:00

851 B
Raw Blame History

description, globs, alwaysApply
description globs alwaysApply
PHP security extending common rules
**/*.php
**/composer.lock
**/composer.json
false

PHP Security

This file extends the common security rule with PHP specific content.

Database Safety

  • Use prepared statements (PDO, Doctrine, Eloquent query builder) for all dynamic queries.
  • Scope ORM mass-assignment carefully and whitelist writable fields.

Secrets and Dependencies

  • Load secrets from environment variables or a secret manager, never from committed config files.
  • Run composer audit in CI and review package trust before adding dependencies.

Auth and Session Safety

  • Use password_hash() / password_verify() for password storage.
  • Regenerate session identifiers after authentication and privilege changes.
  • Enforce CSRF protection on state-changing web requests.
Reference in New Issue View Git Blame Copy Permalink