1. <?php
  3. /**
  4. * Sanitizes user input with rate limiting for isolated environments.
  5. *
  6. * @param array $data The array of user input data.
  7. * @param int $rateLimit The maximum number of requests allowed per time window (e.g., 60 seconds).
  8. * @param int $timeWindow The time window in seconds for rate limiting.
  9. * @return array The sanitized data. Returns an empty array if rate limited.
  10. */
  11. function sanitizeAndRateLimit(array $data, int $rateLimit, int $timeWindow): array
  12. {
  13. // Rate limiting implementation (using a simple in-memory counter)
  14. $rateLimitCounter = [];
  15. $now = time();
  17. // Clean and validate the input data
  18. $sanitizedData = [];
  19. foreach ($data as $key => $value) {
  20. if (is_array($value)) {
  21. $sanitizedData[$key] = sanitizeAndRateLimit($value, $rateLimit, $timeWindow); // Recursive call for nested arrays
  22. continue;
  23. }
  25. $sanitizedData[$key] = trim(htmlspecialchars($value, ENT_QUOTES, 'UTF-8')); // Basic sanitization: trim whitespace and escape HTML entities
  26. }
  28. // Rate limiting check
  29. if (!isset($rateLimitCounter[$now])) {
  30. $rateLimitCounter[$now] = $rateLimit;
  31. }
  33. if ($rateLimitCounter[$now] > 0) {
  34. $rateLimitCounter[$now]--;
  35. } else {
  36. // Rate limit exceeded
  37. error_log("Rate limit exceeded"); // Log the event
  38. return []; // Return empty array to indicate rate limit exceeded.
  39. }
  41. return $sanitizedData;
  42. }
  45. // Example usage:
  46. /*
  47. $userInput = $_POST; // Or $_GET, etc.
  49. $sanitizedInput = sanitizeAndRateLimit($userInput, 10, 60); // Rate limit: 10 requests per 60 seconds
  51. if (!empty($sanitizedInput)) {
  52. // Process the sanitized data
  53. print_r($sanitizedInput);
  54. } else {
  55. // Handle rate limit exceeded
  56. echo "Rate limit exceeded. Please try again later.";
  57. }
  59. */
  62. ?>

Add your comment