function RequestSanitizer::checkDestination
Same name in other branches
- 9 core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::checkDestination()
- 8.9.x core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::checkDestination()
- 11.x core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::checkDestination()
Checks a destination string to see if it is dangerous.
Parameters
string $destination: The destination string to check.
string[] $safe_keys: An array of keys to consider safe.
Return value
array The dangerous keys found in the destination parameter.
1 call to RequestSanitizer::checkDestination()
- RequestSanitizer::processParameterBag in core/
lib/ Drupal/ Core/ Security/ RequestSanitizer.php - Processes a request parameter bag.
File
-
core/
lib/ Drupal/ Core/ Security/ RequestSanitizer.php, line 130
Class
- RequestSanitizer
- Sanitizes user input.
Namespace
Drupal\Core\SecurityCode
protected static function checkDestination($destination, array $safe_keys) {
$dangerous_keys = [];
$parts = UrlHelper::parse($destination);
// If there is a query string, check its query parameters.
if (!empty($parts['query'])) {
static::stripDangerousValues($parts['query'], $safe_keys, $dangerous_keys);
}
return $dangerous_keys;
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.