function DrupalRequestSanitizer::sanitize

Modifies the request superglobals ($_GET, $_POST, $_COOKIE and $_REQUEST) in place to strip dangerous keys from user input.

2 calls to DrupalRequestSanitizer::sanitize()
RequestSanitizerTest::requestSanitizationTest in modules/simpletest/tests/request_sanitizer.test
Tests RequestSanitizer class.
_drupal_bootstrap_configuration in includes/bootstrap.inc
Sets up the script environment and loads settings.php.

File

includes/request-sanitizer.inc, line 21

Class

DrupalRequestSanitizer
Sanitizes user input from the request.

Code

/**
 * Strips dangerous keys from the request superglobals.
 *
 * $_GET, $_POST, $_COOKIE and $_REQUEST are each passed through
 * self::stripDangerousValues() and overwritten with its return value. The
 * self::$sanitized flag is set at the end, so only the first call does any
 * work; later calls return immediately.
 *
 * Two site variables steer the behaviour:
 * - 'sanitize_input_whitelist' (default: empty array) is handed to
 *   stripDangerousValues() as the whitelist. Presumably keys listed there
 *   are left in place, so each entry widens what reaches later code --
 *   confirm against stripDangerousValues() before adding one.
 * - 'sanitize_input_logging' (default: FALSE) enables an E_USER_NOTICE per
 *   input source listing the keys that were removed. With the default,
 *   removals leave no trace in the log.
 */
public static function sanitize() {
    // Nothing to do when an earlier call has already cleaned the request.
    if (self::$sanitized) {
        return;
    }

    $allowed_keys = variable_get('sanitize_input_whitelist', array());
    $logging_enabled = variable_get('sanitize_input_logging', FALSE);

    // Query string parameters. The reported key names come straight from
    // the request, so the resulting log line is untrusted text.
    $removed_from_get = array();
    $_GET = self::stripDangerousValues($_GET, $allowed_keys, $removed_from_get);
    if ($logging_enabled && $removed_from_get) {
        $get_message = format_string('Potentially unsafe keys removed from query string parameters (GET): @keys', array(
            '@keys' => implode(', ', $removed_from_get),
        ));
        _drupal_trigger_error_with_delayed_logging($get_message, E_USER_NOTICE);
    }

    // Request body parameters.
    $removed_from_post = array();
    $_POST = self::stripDangerousValues($_POST, $allowed_keys, $removed_from_post);
    if ($logging_enabled && $removed_from_post) {
        $post_message = format_string('Potentially unsafe keys removed from request body parameters (POST): @keys', array(
            '@keys' => implode(', ', $removed_from_post),
        ));
        _drupal_trigger_error_with_delayed_logging($post_message, E_USER_NOTICE);
    }

    // Cookie parameters.
    $removed_from_cookie = array();
    $_COOKIE = self::stripDangerousValues($_COOKIE, $allowed_keys, $removed_from_cookie);
    if ($logging_enabled && $removed_from_cookie) {
        $cookie_message = format_string('Potentially unsafe keys removed from cookie parameters (COOKIE): @keys', array(
            '@keys' => implode(', ', $removed_from_cookie),
        ));
        _drupal_trigger_error_with_delayed_logging($cookie_message, E_USER_NOTICE);
    }

    // $_REQUEST is cleaned as well, but the keys removed from it are only
    // collected, never reported, even when logging is enabled.
    // NOTE(review): presumably because they would repeat the GET/POST/COOKIE
    // notices above -- confirm.
    $removed_from_request = array();
    $_REQUEST = self::stripDangerousValues($_REQUEST, $allowed_keys, $removed_from_request);

    self::$sanitized = TRUE;
}
