function DrupalRequestSanitizer::stripDangerousValues

Strips dangerous keys from the provided input.

Parameters

mixed $input: The input to sanitize.

string[] $whitelist: An array of keys to whitelist as safe.

string[] $sanitized_keys: An array of keys that have been removed.

Return value

mixed The sanitized input.

2 calls to DrupalRequestSanitizer::stripDangerousValues()
DrupalRequestSanitizer::cleanDestination in includes/request-sanitizer.inc
Removes the destination if it is dangerous.
DrupalRequestSanitizer::sanitize in includes/request-sanitizer.inc
Modifies the request to strip dangerous keys from user input.

File

includes/request-sanitizer.inc, line 99

Class

DrupalRequestSanitizer
Sanitizes user input from the request.

Code

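protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) {
    // Only arrays are walked; any other value is returned unchanged.
    if (is_array($input)) {
        foreach ($input as $key => $value) {
            // A non-empty string key that starts with '#' and is not whitelisted
            // is removed together with its whole value, and the key is recorded.
            if ($key !== '' && is_string($key) && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
                unset($input[$key]);
                $sanitized_keys[] = $key;
            }
            else {
                // Every other key is kept and its value is sanitized recursively.
                $input[$key] = self::stripDangerousValues($input[$key], $whitelist, $sanitized_keys);
            }
        }
    }
    return $input;
}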
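
The following is an added example, not part of Drupal's code: it runs the same logic over a constructed, nested input to show which keys are removed and which edge cases pass through. SanitizerDemo and its strip() method are hypothetical stand-ins whose body mirrors the listing above, so the script runs without a Drupal installation.

```php
<?php
// Added example, not Drupal's own code. SanitizerDemo::strip() is a
// hypothetical stand-in that mirrors stripDangerousValues() from the listing.
class SanitizerDemo {
  public static function strip($input, array $whitelist, array &$sanitized_keys) {
    if (is_array($input)) {
      foreach ($input as $key => $value) {
        if ($key !== '' && is_string($key) && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
          unset($input[$key]);
          $sanitized_keys[] = $key;
        }
        else {
          $input[$key] = self::strip($input[$key], $whitelist, $sanitized_keys);
        }
      }
    }
    return $input;
  }
}

// Constructed sample input, shaped like parsed request parameters.
$input = array(
  'name' => 'alice',
  '#top' => 'removed',
  '#allowed' => 'kept: whitelisted',
  '' => 'kept: empty-string key',
  0 => '#kept: integer key, and values are never inspected',
  'nested' => array(
    'ok' => 1,
    '#deep' => array('#inner' => 'discarded along with its parent'),
  ),
);

$removed = array();
$clean = SanitizerDemo::strip($input, array('#allowed'), $removed);

// The sanitized structure and the list of keys that were stripped.
print_r($clean);
print_r($removed);
```

Only `#top` and `#deep` end up in `$removed`: a stripped key's value is dropped without being recursed into, so `#inner` disappears with its parent and is never recorded.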
