function RequestSanitizer::stripDangerousValues

Strips dangerous keys from $input.

Parameters

mixed $input: The input to sanitize.

string[] $safe_keys: An array of keys to consider safe.

string[] $sanitized_keys: An array of keys that have been removed.

Return value

mixed The sanitized input.

2 calls to RequestSanitizer::stripDangerousValues()

RequestSanitizer::checkDestination in core/lib/Drupal/Core/Security/RequestSanitizer.php: Checks a destination string to see if it is dangerous.
RequestSanitizer::processParameterBag in core/lib/Drupal/Core/Security/RequestSanitizer.php: Processes a request parameter bag.

File

core/lib/Drupal/Core/Security/RequestSanitizer.php, line 153

Class

RequestSanitizer: Sanitizes user input.

Namespace

Drupal\Core\Security

Code

protected static function stripDangerousValues($input, array $safe_keys, array &$sanitized_keys) {
  if (is_array($input)) {
    foreach ($input as $key => $value) {
      if ($key !== '' && ((string) $key)[0] === '#' && !in_array($key, $safe_keys, TRUE)) {
        unset($input[$key]);
        $sanitized_keys[] = $key;
      }
      else {
        $input[$key] = static::stripDangerousValues($input[$key], $safe_keys, $sanitized_keys);
      }
    }
  }
  return $input;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.

Breadcrumb