function RequestSanitizer::stripDangerousValues
Same name in other branches
- 8.9.x core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::stripDangerousValues()
- 10 core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::stripDangerousValues()
- 11.x core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::stripDangerousValues()
Strips dangerous keys from $input.
Parameters
mixed $input: The input to sanitize.
string[] $safe_keys: An array of keys to consider safe.
string[] $sanitized_keys: An array of keys that have been removed.
Return value
mixed The sanitized input.
2 calls to RequestSanitizer::stripDangerousValues()
- RequestSanitizer::checkDestination in core/
lib/ Drupal/ Core/ Security/ RequestSanitizer.php - Checks a destination string to see if it is dangerous.
- RequestSanitizer::processParameterBag in core/
lib/ Drupal/ Core/ Security/ RequestSanitizer.php - Processes a request parameter bag.
File
-
core/
lib/ Drupal/ Core/ Security/ RequestSanitizer.php, line 162
Class
- RequestSanitizer
- Sanitizes user input.
Namespace
Drupal\Core\SecurityCode
protected static function stripDangerousValues($input, array $safe_keys, array &$sanitized_keys) {
if (is_array($input)) {
foreach ($input as $key => $value) {
if ($key !== '' && ((string) $key)[0] === '#' && !in_array($key, $safe_keys, TRUE)) {
unset($input[$key]);
$sanitized_keys[] = $key;
}
else {
$input[$key] = static::stripDangerousValues($input[$key], $safe_keys, $sanitized_keys);
}
}
}
return $input;
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.