zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-03-30 21:53:28 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
68484da2fc445655165f9755dcde18a7c094b7bc
everything-claude-code/rules/php/security.md
Sam Rook 113119dc6f feat: add laravel skills (#420) 
* feat: add laravel skills

* docs: fix laravel patterns example

* docs: add laravel api example

* docs: update readme and configure-ecc for laravel skills

* docs: reference laravel skills in php rules

* docs: add php import guidance

* docs: expand laravel skills with more pattern, security, testing, and verification examples

* docs: add laravel routing, security, testing, and sail guidance

* docs: fix laravel example issues from code review

* docs: fix laravel examples and skills per review findings

* docs: resolve remaining laravel review fixes

* docs: refine laravel patterns and tdd guidance

* docs: clarify laravel queue healthcheck guidance

* docs: fix laravel examples and test guidance

* docs: correct laravel tdd and api example details

* docs: align laravel form request auth semantics

* docs: fix laravel coverage, imports, and scope guidance

* docs: align laravel tdd and security examples with guidance

* docs: tighten laravel form request authorization examples

* docs: fix laravel tdd and queue job examples

* docs: harden laravel rate limiting and policy examples

* docs: fix laravel pagination, validation, and verification examples

* docs: align laravel controller response with envelope

* docs: strengthen laravel password validation example

* docs: address feedback regarding examples

* docs: improve guidance and examples for pest usage

* docs: clarify laravel upload storage and authorization notes

* docs: tighten up examples
2026-03-16 13:35:23 -07:00

38 lines
1.3 KiB
Markdown
Raw Blame History

---
paths:
- "**/*.php"
- "**/composer.lock"
- "**/composer.json"
---
# PHP Security
> This file extends [common/security.md](../common/security.md) with PHP specific content.
## Input and Output
- Validate request input at the framework boundary (`FormRequest`, Symfony Validator, or explicit DTO validation).
- Escape output in templates by default; treat raw HTML rendering as an exception that must be justified.
- Never trust query params, cookies, headers, or uploaded file metadata without validation.
## Database Safety
- Use prepared statements (`PDO`, Doctrine, Eloquent query builder) for all dynamic queries.
- Avoid string-building SQL in controllers/views.
- Scope ORM mass-assignment carefully and whitelist writable fields.
## Secrets and Dependencies
- Load secrets from environment variables or a secret manager, never from committed config files.
- Run `composer audit` in CI and review new package maintainer trust before adding dependencies.
- Pin major versions deliberately and remove abandoned packages quickly.
## Auth and Session Safety
- Use `password_hash()` / `password_verify()` for password storage.
- Regenerate session identifiers after authentication and privilege changes.
- Enforce CSRF protection on state-changing web requests.
## Reference
See skill: `laravel-security` for Laravel-specific security guidance.
Reference in New Issue View Git Blame Copy Permalink