function RequestSanitizer::sanitize
Same name in other branches
- 9 core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::sanitize()
- 8.9.x core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::sanitize()
- 10 core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::sanitize()
Strips dangerous keys from user input.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The incoming request to sanitize.
string[] $safe_keys: An array of keys to consider safe.
bool $log_sanitized_keys: (optional) Set to TRUE to log keys that are sanitized.
Return value
\Symfony\Component\HttpFoundation\Request The sanitized request.
6 calls to RequestSanitizer::sanitize()
- DrupalKernel::preHandle in core/
lib/ Drupal/ Core/ DrupalKernel.php - Helper method that does request related initialization.
- RequestSanitizerTest::testAcceptableDestinationGet in core/
tests/ Drupal/ Tests/ Core/ Security/ RequestSanitizerTest.php - Tests acceptable destinations are not removed from GET requests.
- RequestSanitizerTest::testAcceptableDestinationPost in core/
tests/ Drupal/ Tests/ Core/ Security/ RequestSanitizerTest.php - Tests acceptable destinations are not removed from POST requests.
- RequestSanitizerTest::testRequestSanitization in core/
tests/ Drupal/ Tests/ Core/ Security/ RequestSanitizerTest.php - Tests RequestSanitizer class.
- RequestSanitizerTest::testSanitizedDestinationGet in core/
tests/ Drupal/ Tests/ Core/ Security/ RequestSanitizerTest.php - Tests unacceptable destinations are removed from GET requests.
File
-
core/
lib/ Drupal/ Core/ Security/ RequestSanitizer.php, line 42
Class
- RequestSanitizer
- Sanitizes user input.
Namespace
Drupal\Core\SecurityCode
public static function sanitize(Request $request, array $safe_keys, $log_sanitized_keys = FALSE) {
if (!$request->attributes
->get(self::SANITIZED, FALSE)) {
$update_globals = FALSE;
$bags = [
'query' => 'Potentially unsafe keys removed from query string parameters (GET): %s',
'request' => 'Potentially unsafe keys removed from request body parameters (POST): %s',
'cookies' => 'Potentially unsafe keys removed from cookie parameters: %s',
];
foreach ($bags as $bag => $message) {
if (static::processParameterBag($request->{$bag}, $safe_keys, $log_sanitized_keys, $bag, $message)) {
$update_globals = TRUE;
}
}
if ($update_globals) {
$request->overrideGlobals();
}
$request->attributes
->set(self::SANITIZED, TRUE);
}
return $request;
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.