class DrupalRequestSanitizer

Sanitizes user input from the request.

Hierarchy

Expanded class hierarchy of DrupalRequestSanitizer

2 string references to 'DrupalRequestSanitizer'
RequestSanitizerTest::getInfo in modules/simpletest/tests/request_sanitizer.test
RequestSanitizerTest::requestSanitizationTest in modules/simpletest/tests/request_sanitizer.test
Tests RequestSanitizer class.

File

includes/request-sanitizer.inc, line 11

View source 
class DrupalRequestSanitizer {
    
    /**
     * Tracks whether the request was already sanitized.
     */
    protected static $sanitized = FALSE;
    
    /**
     * Modifies the request to strip dangerous keys from user input.
     */
    public static function sanitize() {
        if (!self::$sanitized) {
            $whitelist = variable_get('sanitize_input_whitelist', array());
            $log_sanitized_keys = variable_get('sanitize_input_logging', FALSE);
            // Process query string parameters.
            $get_sanitized_keys = array();
            $_GET = self::stripDangerousValues($_GET, $whitelist, $get_sanitized_keys);
            if ($log_sanitized_keys && $get_sanitized_keys) {
                _drupal_trigger_error_with_delayed_logging(format_string('Potentially unsafe keys removed from query string parameters (GET): @keys', array(
                    '@keys' => implode(', ', $get_sanitized_keys),
                )), E_USER_NOTICE);
            }
            // Process request body parameters.
            $post_sanitized_keys = array();
            $_POST = self::stripDangerousValues($_POST, $whitelist, $post_sanitized_keys);
            if ($log_sanitized_keys && $post_sanitized_keys) {
                _drupal_trigger_error_with_delayed_logging(format_string('Potentially unsafe keys removed from request body parameters (POST): @keys', array(
                    '@keys' => implode(', ', $post_sanitized_keys),
                )), E_USER_NOTICE);
            }
            // Process cookie parameters.
            $cookie_sanitized_keys = array();
            $_COOKIE = self::stripDangerousValues($_COOKIE, $whitelist, $cookie_sanitized_keys);
            if ($log_sanitized_keys && $cookie_sanitized_keys) {
                _drupal_trigger_error_with_delayed_logging(format_string('Potentially unsafe keys removed from cookie parameters (COOKIE): @keys', array(
                    '@keys' => implode(', ', $cookie_sanitized_keys),
                )), E_USER_NOTICE);
            }
            $request_sanitized_keys = array();
            $_REQUEST = self::stripDangerousValues($_REQUEST, $whitelist, $request_sanitized_keys);
            self::$sanitized = TRUE;
        }
    }
    
    /**
     * Removes the destination if it is dangerous.
     *
     * Note this can only be called after common.inc has been included.
     *
     * @return bool
     *   TRUE if the destination has been removed from $_GET, FALSE if not.
     */
    public static function cleanDestination() {
        $dangerous_keys = array();
        $log_sanitized_keys = variable_get('sanitize_input_logging', FALSE);
        $parts = drupal_parse_url($_GET['destination']);
        // If there is a query string, check its query parameters.
        if (!empty($parts['query'])) {
            $whitelist = variable_get('sanitize_input_whitelist', array());
            self::stripDangerousValues($parts['query'], $whitelist, $dangerous_keys);
            if (!empty($dangerous_keys)) {
                // The destination is removed rather than sanitized to mirror the
                // handling of external destinations.
                unset($_GET['destination']);
                unset($_REQUEST['destination']);
                if ($log_sanitized_keys) {
                    trigger_error(format_string('Potentially unsafe destination removed from query string parameters (GET) because it contained the following keys: @keys', array(
                        '@keys' => implode(', ', $dangerous_keys),
                    )));
                }
                return TRUE;
            }
        }
        return FALSE;
    }
    
    /**
     * Strips dangerous keys from the provided input.
     *
     * @param mixed $input
     *   The input to sanitize.
     * @param string[] $whitelist
     *   An array of keys to whitelist as safe.
     * @param string[] $sanitized_keys
     *   An array of keys that have been removed.
     *
     * @return mixed
     *   The sanitized input.
     */
    protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) {
        if (is_array($input)) {
            foreach ($input as $key => $value) {
                if ($key !== '' && is_string($key) && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
                    unset($input[$key]);
                    $sanitized_keys[] = $key;
                }
                else {
                    $input[$key] = self::stripDangerousValues($input[$key], $whitelist, $sanitized_keys);
                }
            }
        }
        return $input;
    }

}

Members

Title Modifiers Object type Summary
DrupalRequestSanitizer::$sanitized protected static property Tracks whether the request was already sanitized.
DrupalRequestSanitizer::cleanDestination public static function Removes the destination if it is dangerous.
DrupalRequestSanitizer::sanitize public static function Modifies the request to strip dangerous keys from user input.
DrupalRequestSanitizer::stripDangerousValues protected static function Strips dangerous keys from the provided input.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.