class RequestSanitizer

Sanitizes user input.

Constants

SANITIZED

Request attribute to mark the request as sanitized.

SANITIZE_INPUT_SAFE_KEYS

The name of the setting that configures the sanitize input safe keys.

deprecated SANITIZE_WHITELIST

Previous name of SANITIZE_INPUT_SAFE_KEYS.

SANITIZE_LOG

The name of the setting that determines if sanitized keys are logged.

Methods

static Request sanitize(Request $request, array $safe_keys, bool $log_sanitized_keys = FALSE)

Strips dangerous keys from user input.

static bool processParameterBag(ParameterBag $bag, array $safe_keys, bool $log_sanitized_keys, string $bag_name, string $message)

Processes a request parameter bag.

static array checkDestination(string $destination, array $safe_keys)

Checks a destination string to see if it is dangerous.

static mixed stripDangerousValues(mixed $input, array $safe_keys, array $sanitized_keys)

Strips dangerous keys from $input.

Details

static Request sanitize(Request $request, array $safe_keys, bool $log_sanitized_keys = FALSE)

Strips dangerous keys from user input.

Parameters

Request $request

The incoming request to sanitize.

array $safe_keys

An array of keys to consider safe.

bool $log_sanitized_keys

(optional) Set to TRUE to log keys that are sanitized.

Return Value

Request

The sanitized request.

static protected bool processParameterBag(ParameterBag $bag, array $safe_keys, bool $log_sanitized_keys, string $bag_name, string $message)

Processes a request parameter bag.

Parameters

ParameterBag $bag

The parameter bag to process.

array $safe_keys

An array of keys to consider safe.

bool $log_sanitized_keys

Set to TRUE to log keys that are sanitized.

string $bag_name

The request parameter bag name. Either 'query', 'request' or 'cookies'.

string $message

The message to log if the parameter bag contains keys that are removed. If the message contains %s, it is replaced by a list of the removed keys.

Return Value

bool

TRUE if the parameter bag has been sanitized, FALSE if not.

static protected array checkDestination(string $destination, array $safe_keys)

Checks a destination string to see if it is dangerous.

Parameters

string $destination

The destination string to check.

array $safe_keys

An array of keys to consider safe.

Return Value

array

The dangerous keys found in the destination parameter.

static protected mixed stripDangerousValues(mixed $input, array $safe_keys, array $sanitized_keys)

Strips dangerous keys from $input.

Parameters

mixed $input

The input to sanitize.

array $safe_keys

An array of keys to consider safe.

array $sanitized_keys

An array of keys that have been removed.

Return Value

mixed

The sanitized input.
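
The following stand-alone sketch illustrates the recursive key stripping described for stripDangerousValues() and the query-string check described for checkDestination(). It is an added example, not Drupal's own code. It assumes that a "dangerous" key is a string key beginning with '#' that is not listed in $safe_keys (the page does not spell this rule out) and that removed keys are collected through a by-reference array; the function names and the sample input are hypothetical and constructed.

```php
<?php
// Added illustration, not Drupal core code.
// Assumption: a key is "dangerous" when it is a string starting with '#'
// and is not present in $safe_keys.

function strip_dangerous_values($input, array $safe_keys, array &$sanitized_keys) {
  if (!is_array($input)) {
    // Scalars carry no keys, so there is nothing to strip.
    return $input;
  }
  foreach ($input as $key => $value) {
    if (is_string($key) && $key !== '' && $key[0] === '#' && !in_array($key, $safe_keys, TRUE)) {
      // Drop the key and record it so the caller can log it.
      unset($input[$key]);
      $sanitized_keys[] = $key;
    }
    else {
      // Recurse: nested arrays can hide dangerous keys at any depth.
      $input[$key] = strip_dangerous_values($value, $safe_keys, $sanitized_keys);
    }
  }
  return $input;
}

function check_destination(string $destination, array $safe_keys): array {
  $dangerous_keys = [];
  // Only the query string of the destination is inspected.
  $query_string = parse_url($destination, PHP_URL_QUERY);
  if (is_string($query_string) && $query_string !== '') {
    parse_str($query_string, $query);
    strip_dangerous_values($query, $safe_keys, $dangerous_keys);
  }
  return $dangerous_keys;
}

// Constructed sample input: one top-level and two nested '#' keys.
$query = [
  'name' => 'alice',
  '#markup' => 'x',
  'element' => ['#type' => 'textfield', '#access' => '1', 'value' => 'ok'],
];
$removed = [];
$clean = strip_dangerous_values($query, ['#type'], $removed);
var_export($clean);    // '#type' survives because it is listed as safe.
var_export($removed);  // Keys that were stripped, in traversal order.
// '%23' is the URL-encoded '#', as it would arrive in a destination value.
var_export(check_destination('/node/1?%23markup=x&page=2', []));
```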