protected static function RequestSanitizer::stripDangerousValues in Drupal 8
Same name and namespace in other branches
- 9 core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::stripDangerousValues()
Strips dangerous keys from $input.
Parameters
mixed $input: The input to sanitize.
string[] $whitelist: An array of keys to whitelist as safe.
string[] $sanitized_keys: An array of keys that have been removed.
Return value
mixed The sanitized input.
2 calls to RequestSanitizer::stripDangerousValues()
- RequestSanitizer::checkDestination in core/
lib/ Drupal/ Core/ Security/ RequestSanitizer.php - Checks a destination string to see if it is dangerous.
- RequestSanitizer::processParameterBag in core/
lib/ Drupal/ Core/ Security/ RequestSanitizer.php - Processes a request parameter bag.
File
- core/
lib/ Drupal/ Core/ Security/ RequestSanitizer.php, line 153
Class
- RequestSanitizer
- Sanitizes user input.
Namespace
Drupal\Core\SecurityCode
protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) {
if (is_array($input)) {
foreach ($input as $key => $value) {
if ($key !== '' && ((string) $key)[0] === '#' && !in_array($key, $whitelist, TRUE)) {
unset($input[$key]);
$sanitized_keys[] = $key;
}
else {
$input[$key] = static::stripDangerousValues($input[$key], $whitelist, $sanitized_keys);
}
}
}
return $input;
}