protected static function RequestSanitizer::stripDangerousValues in Drupal 8

Same name and namespace in other branches
  1. 9 core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::stripDangerousValues()

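Strips dangerous keys from $input: any array key that begins with '#' and is not in $whitelist is removed, recursively through nested arrays.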

Parameters

mixed $input: The input to sanitize.

string[] $whitelist: An array of keys to whitelist as safe.

string[] $sanitized_keys: An array of keys that have been removed. Passed by reference; each removed key is appended to it.

Return value

mixed The sanitized input.

2 calls to RequestSanitizer::stripDangerousValues()
RequestSanitizer::checkDestination in core/lib/Drupal/Core/Security/RequestSanitizer.php
Checks a destination string to see if it is dangerous.
RequestSanitizer::processParameterBag in core/lib/Drupal/Core/Security/RequestSanitizer.php
Processes a request parameter bag.

File

core/lib/Drupal/Core/Security/RequestSanitizer.php, line 153

Class

RequestSanitizer
Sanitizes user input.

Namespace

Drupal\Core\Security

Code

protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) {
  if (is_array($input)) {
    foreach ($input as $key => $value) {
      if ($key !== '' && ((string) $key)[0] === '#' && !in_array($key, $whitelist, TRUE)) {
        unset($input[$key]);
        $sanitized_keys[] = $key;
      }
      else {
        $input[$key] = static::stripDangerousValues($input[$key], $whitelist, $sanitized_keys);
      }
    }
  }
  return $input;
}
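
The behaviour of the function above on nested input, as an added example that is not part of Drupal core or of the original page. strip_dangerous_values() is a stand-alone copy of the body shown under Code (the name is hypothetical) so that it runs without Drupal; the input array and all of its key names are constructed.

```php
<?php
// Stand-alone copy of the method body shown above so this runs outside Drupal.
// The function name strip_dangerous_values() is hypothetical.
function strip_dangerous_values($input, array $whitelist, array &$sanitized_keys) {
  if (is_array($input)) {
    foreach ($input as $key => $value) {
      if ($key !== '' && ((string) $key)[0] === '#' && !in_array($key, $whitelist, TRUE)) {
        unset($input[$key]);
        $sanitized_keys[] = $key;
      }
      else {
        $input[$key] = strip_dangerous_values($input[$key], $whitelist, $sanitized_keys);
      }
    }
  }
  return $input;
}

// Constructed request parameters; every key name here is made up.
$query = [
  'name' => 'alice',
  '#top' => 'not whitelisted',
  '#keep' => 'whitelisted',
  '' => ['#under_empty_key' => 'the empty key itself is kept and recursed into'],
  'items' => [
    0 => '#only-a-value',            // Values are never inspected, only keys.
    '#nested' => ['anything' => 1],  // The whole subtree goes with its key.
    'deep' => ['#keep' => 'whitelist applies at every depth', '#deeper' => 'x'],
  ],
];

$removed = [];
$clean = strip_dangerous_values($query, ['#keep'], $removed);

// Check the result against what the rules above imply, failing loudly if not.
$expected = [
  'name' => 'alice',
  '#keep' => 'whitelisted',
  '' => [],
  'items' => [0 => '#only-a-value', 'deep' => ['#keep' => 'whitelist applies at every depth']],
];
$expected_removed = ['#top', '#under_empty_key', '#nested', '#deeper'];
if ($clean !== $expected || $removed !== $expected_removed) {
  throw new RuntimeException('Unexpected sanitizer result');
}
// A caller would typically log this list when it is non-empty.
echo 'sanitized keys: ' . implode(', ', $removed) . PHP_EOL;
```

The list of removed keys is flat: it records key names in traversal order but not where in the input each one was found, so a log entry built from it cannot distinguish a top-level key from a deeply nested one.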