Added URL sanitization feature

README.md

@@ -29,11 +29,24 @@ $unsanitized_value = "<br>Unsanitized";
 
 $sanitize = new Sanitize();
 $sanitize->text($unsanitized_value); // Unsanitized
+
+// Attribute sanitization
+$sanitize->attr("(Attribute Show)");
+
+// Url sanitization
+$sanitize->url("https://bad-url.com new");
 ```
 
-## Release Note: `v0.0.1`
+## Release Notes:
+
+#### Release version `0.0.2`
+- Added `Url` Sanitization
+
 
+#### Release version `0.0.1`
 - Release some simple escaping functions.
+- Added `text` sanitization
+- Added `attribute` sanitization
 
 ## License
 The Library is open-sourced software licensed under the <a href="https://opensource.org/licenses/MIT">MIT license</a>.

composer.json

@@ -3,6 +3,7 @@
     "description": "A php package that would sanitize your every input and HTML",
     "type": "library",
     "license": "MIT",
+    "version": "0.0.2",
     "authors": [
         {
             "name": "ManiruzzamanAkash",
@@ -13,12 +14,15 @@
     "require": {
         "php": ">=5.3.0"
     },
+    "minimum-stability": "dev",
+    "prefer-stable": true,
     "autoload": {
         "psr-4": {
             "Sanitizer\\": "src/Sanitizer/",
             "Maniruzzaman\\Sanitizer\\": "src/"
-        }
-    },
-    "minimum-stability": "stable",
-    "prefer-stable": true
+        },
+        "files": [
+            "functions.php"
+        ]
+    }
 }

src/Sanitize.php

@@ -85,4 +85,106 @@ public function attr($attr)
 
         return $safe_text;
     }
+
+    /**
+     * Checks and cleans a URL.
+     *
+     * A number of characters are removed from the URL. If the URL is for displaying
+     * (the default behaviour) ampersands are also replaced.
+     *
+     * @since 0.0.2
+     *
+     * @param string   $url       The URL to be cleaned.
+     * @param string[] $protocols Optional. An array of acceptable protocols.
+     *                            Defaults to return value of get_allowed_protocols().
+     * @param string   $visibility  Private. Use for database usage.
+     * @return string  $clean_url
+     */
+    public function url($url, $protocols = null, $visibility = 'display')
+    {
+        $original_url = $url;
+
+        if ('' === $url) {
+            return $url;
+        }
+
+        $url = str_replace(' ', '%20', ltrim($url));
+        $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\\x80-\\xff]|i', '', $url);
+
+        if ('' === $url) {
+            return $url;
+        }
+
+        if (0 !== stripos($url, 'mailto:')) {
+            $strip = array('%0d', '%0a', '%0D', '%0A');
+            $url   = _deep_replace($strip, $url);
+        }
+
+        $url = str_replace(';//', '://', $url);
+
+        /*
+        * If the URL doesn't appear to contain a scheme, we presume
+        * it needs http:// prepended (unless it's a relative link
+        * starting with /, # or ?, or a PHP file).
+        */
+        if (
+            strpos($url, ':') === false && !in_array($url[0], array('/', '#', '?'), true) &&
+            !preg_match('/^[a-z0-9-]+?\.php/i', $url)
+        ) {
+            $url = 'http://' . $url;
+        }
+
+        // Replace ampersands and single quotes only when displaying.
+        if ('display' === $visibility) {
+            // $url = normalize_entities($url); // @todo implement this in later version
+            $url = str_replace('&', '&', $url);
+            $url = str_replace("'", ''', $url);
+        }
+
+        if ((false !== strpos($url, '[')) || (false !== strpos($url, ']'))) {
+
+            $parsed = parse_url_string($url);
+            $front  = '';
+
+            if (isset($parsed['scheme'])) {
+                $front .= $parsed['scheme'] . '://';
+            } elseif ('/' === $url[0]) {
+                $front .= '//';
+            }
+
+            if (isset($parsed['user'])) {
+                $front .= $parsed['user'];
+            }
+
+            if (isset($parsed['pass'])) {
+                $front .= ':' . $parsed['pass'];
+            }
+
+            if (isset($parsed['user']) || isset($parsed['pass'])) {
+                $front .= '@';
+            }
+
+            if (isset($parsed['host'])) {
+                $front .= $parsed['host'];
+            }
+
+            if (isset($parsed['port'])) {
+                $front .= ':' . $parsed['port'];
+            }
+
+            $end_dirty = str_replace($front, '', $url);
+            $end_clean = str_replace(array('[', ']'), array('%5B', '%5D'), $end_dirty);
+            $url       = str_replace($end_dirty, $end_clean, $url);
+        }
+
+        if ('/' === $url[0]) {
+            $good_protocol_url = $url;
+        } else {
+            if (!is_array($protocols)) {
+                $protocols = get_allowed_protocols();
+            }
+        }
+
+        return $url;
+    }
 }