protected static function DrupalRequestSanitizer::stripDangerousValues in Drupal 7
Strips dangerous keys from the provided input.
Parameters
mixed $input: The input to sanitize.
string[] $whitelist: An array of keys to whitelist as safe.
string[] $sanitized_keys: An array of keys that have been removed.
Return value
mixed The sanitized input.
2 calls to DrupalRequestSanitizer::stripDangerousValues()
- DrupalRequestSanitizer::cleanDestination in includes/
request-sanitizer.inc - Removes the destination if it is dangerous.
- DrupalRequestSanitizer::sanitize in includes/
request-sanitizer.inc - Modifies the request to strip dangerous keys from user input.
File
- includes/
request-sanitizer.inc, line 99 - Contains code for sanitizing user input from the request.
Class
- DrupalRequestSanitizer
- Sanitizes user input from the request.
Code
protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) {
if (is_array($input)) {
foreach ($input as $key => $value) {
if ($key !== '' && is_string($key) && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
unset($input[$key]);
$sanitized_keys[] = $key;
}
else {
$input[$key] = self::stripDangerousValues($input[$key], $whitelist, $sanitized_keys);
}
}
}
return $input;
}