protected static function DrupalRequestSanitizer::stripDangerousValues in Drupal 7

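Strips dangerous keys from the provided input. A key is treated as dangerous when it is a string that begins with '#' and is not in the whitelist. Nested arrays are processed recursively, and non-array input is returned unchanged.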

Parameters

mixed $input: The input to sanitize.

string[] $whitelist: An array of keys to whitelist as safe.

string[] $sanitized_keys: An array of keys that have been removed. Passed by reference; each removed key is appended to it.

Return value

mixed: The sanitized input.

2 calls to DrupalRequestSanitizer::stripDangerousValues()
DrupalRequestSanitizer::cleanDestination in includes/request-sanitizer.inc
Removes the destination if it is dangerous.
DrupalRequestSanitizer::sanitize in includes/request-sanitizer.inc
Modifies the request to strip dangerous keys from user input.

File

includes/request-sanitizer.inc, line 99
Contains code for sanitizing user input from the request.

Class

DrupalRequestSanitizer
Sanitizes user input from the request.

Code

protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) {
  if (is_array($input)) {
    foreach ($input as $key => $value) {
      if ($key !== '' && is_string($key) && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
        unset($input[$key]);
        $sanitized_keys[] = $key;
      }
      else {
        $input[$key] = self::stripDangerousValues($input[$key], $whitelist, $sanitized_keys);
      }
    }
  }
  return $input;
}
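
The method is protected, so the following added example (not Drupal's own code) reproduces the same traversal in a stand-alone function and runs it over constructed input to show which keys are dropped and which survive. It goes one step beyond the original by recording the full path to each removed key, which is useful for logging; the function name strip_hash_keys, the $path parameter and all sample parameter names are assumptions made for illustration.

```php
<?php
// Added example, not Drupal code: same key test as stripDangerousValues(),
// with a hypothetical $path argument so each removal can be logged with context.
function strip_hash_keys($input, array $whitelist, array &$removed, $path = '') {
  if (!is_array($input)) {
    // Only array keys are inspected; scalar values pass through untouched.
    return $input;
  }
  foreach ($input as $key => $value) {
    // Build a bracketed path such as mail[#nested] for the audit trail.
    $here = $path === '' ? (string) $key : $path . '[' . $key . ']';
    // Integer keys fail is_string() and the empty key fails the first test,
    // so $key[0] is only ever read on a non-empty string.
    if ($key !== '' && is_string($key) && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
      unset($input[$key]);
      $removed[] = $here;
    }
    else {
      $input[$key] = strip_hash_keys($value, $whitelist, $removed, $here);
    }
  }
  return $input;
}

// Constructed request data; every name here is hypothetical.
$request = array(
  'name' => 'alice',
  '#top' => 'x',                         // removed: top-level '#' key
  'mail' => array(
    '#nested' => array('deep' => 1),     // removed together with its subtree
    'value' => '#not-a-key',             // kept: '#' appears in a value, not a key
  ),
  'items' => array(0 => 'a', 1 => array('#inner' => 'y')), // integer keys kept, '#inner' removed
  '' => 'empty key',                     // kept: empty key is skipped by the test
  '#allowed' => 'kept',                  // kept: present in the whitelist
);

$removed = array();
$clean = strip_hash_keys($request, array('#allowed'), $removed);

var_export($clean);
echo "\n";
var_export($removed);
echo "\n";
```

The whitelist comparison is strict and exact, so whitelisting '#allowed' does not exempt any other '#'-prefixed key, at that level or below it.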