php-open-redirect-audit
Community
Guard PHP apps from user-controlled redirects.
Software Engineering #php #input-validation #web-security #security-audit #redirect #code-audit #open-redirect
Author: 0xShe
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
PHP web applications often perform redirects based on user input or external data. This can enable phishing, OAuth flow hijacking, and session misdirection if the destination is not properly validated.
Core Features & Use Cases
- Mandatory sink detection: header("Location"), meta refresh, redirect helpers like redirect()/to(), and internal wrappers that output Location.
- Controllability analysis: trace sources such as $_GET, $_POST, Referer, and return_to; verify allowlists and normalization logic to block unsafe destinations.
- Output and remediation: generate PoC-style evidence and concrete fixes (restrict to relative paths, enforce server-side allowlists, and normalize schemes).
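The three fixes named above (relative paths only, a server-side allowlist, scheme normalization) combined in one validator, as an added PHP example that is not part of the skill's own code. The function name `safe_redirect_target`, the allowlisted host and the fallback path are assumptions made for illustration.

```php
<?php
// Hypothetical server-side allowlist of external hosts (assumption for this example).
const REDIRECT_HOST_ALLOWLIST = ['accounts.example.com'];

// Returns a value safe to place in a Location header, or $fallback on any doubt.
function safe_redirect_target($raw, string $fallback = '/'): string
{
    // Sources such as $_GET can yield arrays or nothing at all.
    if (!is_string($raw) || $raw === '') {
        return $fallback;
    }
    // Refuse control characters (header injection) and backslashes,
    // which some browsers treat as forward slashes.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $raw)) {
        return $fallback;
    }
    // Relative path: exactly one leading slash, so scheme-relative "//host" is refused.
    if ($raw[0] === '/') {
        return (strlen($raw) > 1 && $raw[1] === '/') ? $fallback : $raw;
    }
    // Absolute URL: require https, no userinfo or port, and an allowlisted host.
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])
        || isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return $fallback;
    }
    $host = strtolower($parts['host']);
    if (strtolower($parts['scheme']) !== 'https'
        || !in_array($host, REDIRECT_HOST_ALLOWLIST, true)) {
        return $fallback;
    }
    // Rebuild from parsed components so the browser sees what was validated
    // (the fragment is dropped).
    $query = isset($parts['query']) ? '?' . $parts['query'] : '';
    return 'https://' . $host . ($parts['path'] ?? '/') . $query;
}

// Flagged pattern:  header('Location: ' . $_GET['return_to']);
// Hardened form:    header('Location: ' . safe_redirect_target($_GET['return_to'] ?? null)); exit;

// Constructed sample inputs, printed only when this file is run directly from the CLI.
if (PHP_SAPI === 'cli' && realpath($_SERVER['argv'][0] ?? '') === __FILE__) {
    $samples = ['/account/settings', '//other.example/login', 'javascript:alert(1)',
                'HTTPS://Accounts.Example.com/cb?x=1', 'https://accounts.example.com@other.example/'];
    foreach ($samples as $s) {
        echo str_pad($s, 48), ' => ', safe_redirect_target($s), PHP_EOL;
    }
}
```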
Quick Start
Run the audit on a PHP codebase to identify user-controlled redirects and output a remediation report.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: php-open-redirect-audit Download link: https://github.com/0xShe/PHP-Code-Audit-Skill/archive/main.zip#php-open-redirect-audit Please download this .zip file, extract it, and install it in the .claude/skills/ directory.