You are here

protected static function RequestSanitizer::stripDangerousValues in Drupal 9

Same name and namespace in other branches
  1. 8 core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::stripDangerousValues()

Strips dangerous keys from $input.

Parameters

mixed $input: The input to sanitize.

string[] $safe_keys: An array of keys to consider safe.

string[] $sanitized_keys: An array of keys that have been removed.

Return value

mixed The sanitized input.

2 calls to RequestSanitizer::stripDangerousValues()
RequestSanitizer::checkDestination in core/lib/Drupal/Core/Security/RequestSanitizer.php
Checks a destination string to see if it is dangerous.
RequestSanitizer::processParameterBag in core/lib/Drupal/Core/Security/RequestSanitizer.php
Processes a request parameter bag.

File

core/lib/Drupal/Core/Security/RequestSanitizer.php, line 162

Class

RequestSanitizer
Sanitizes user input.

Namespace

Drupal\Core\Security

Code

protected static function stripDangerousValues($input, array $safe_keys, array &$sanitized_keys) {
  if (is_array($input)) {
    foreach ($input as $key => $value) {
      if ($key !== '' && ((string) $key)[0] === '#' && !in_array($key, $safe_keys, TRUE)) {
        unset($input[$key]);
        $sanitized_keys[] = $key;
      }
      else {
        $input[$key] = static::stripDangerousValues($input[$key], $safe_keys, $sanitized_keys);
      }
    }
  }
  return $input;
}