Psalm Laravel Package

vimeo/psalm

Psalm is a powerful PHP static analysis tool that finds type errors and bugs before runtime. Install via Composer, configure for your codebase, and run it locally or try the live demo at psalm.dev. Docs and integrations available for teams and CI.


TaintedHeader

Potential header injection. This rule is emitted when user-controlled input can be passed into an HTTP header.

Risk

The risk of a header injection depends heavily on your environment.

If your webserver supports something like XSendFile / X-Accel, an attacker could potentially access arbitrary files on the system.

If your system does not do that, there may be other concerns, such as:

  • Cookie Injection
  • Open Redirects
  • Proxy Cache Poisoning

Example

<?php

// Both the header name and its value come straight from the request.
header($_GET['header']);

Mitigations

Make sure an attacker can set only the header value, never the header name (e.g. header('Location: ' . $_GET['target']);).

Verify that the values being set are sensible; consider using an allow list (e.g. for redirect targets).
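The two mitigations above, applied to a redirect, as an added example that is not part of the Psalm documentation. The header name is a literal in code, and the request only selects a destination from an allow list; the list entries and the parameter name `target` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not Psalm's own code. Hypothetical allow list of redirect
// destinations keyed by a short name the client may send.
const ALLOWED_REDIRECTS = [
    'dashboard' => '/dashboard',
    'profile'   => '/account/profile',
    'help'      => '/help',
];

/**
 * Map a user-supplied key to an allowed path.
 * Unknown keys yield null so the caller falls back to a safe default
 * instead of echoing the request value into the Location header.
 */
function resolveRedirect(string $target): ?string
{
    return ALLOWED_REDIRECTS[$target] ?? null;
}

/**
 * Vulnerable form from the page: the request chooses both the header
 * name and its value, so any response header can be set.
 */
function vulnerableRedirect(): void
{
    header($_GET['header']);
    exit;
}

/**
 * Hardened form: the header name is fixed, and the value is taken from
 * the allow list rather than from the request itself.
 */
function safeRedirect(): void
{
    $target = (string) ($_GET['target'] ?? '');
    $path   = resolveRedirect($target) ?? ALLOWED_REDIRECTS['dashboard'];

    header('Location: ' . $path, true, 302);
    exit;
}
```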

Further resources
