class RequestSanitizer

Sanitizes user input. Keys that begin with '#' (the prefix Drupal's render and form systems reserve for internal properties) are removed from the query, request body and cookie parameter bags unless they are whitelisted, and a destination parameter whose own query string carries such a key is removed outright.

Constants

SANITIZED

Request attribute set once the request has been sanitized, so repeated calls to sanitize() on the same request are no-ops.

SANITIZE_WHITELIST

The name of the setting that configures the whitelist: '#'-prefixed keys listed there are left in place rather than stripped.

SANITIZE_LOG

The name of the setting that determines whether removed keys are logged.
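The two settings named by these constants are read from settings.php. The fragment below is an added example, not text from default.settings.php or from the class; the whitelisted key '#allowed' is a placeholder standing in for a key your own code genuinely expects, and the lines are meant to be appended to an existing settings.php (which already opens with <?php).

```php
// sites/default/settings.php (added example; '#allowed' is a placeholder,
// not a key that Drupal core itself needs).

// Read through RequestSanitizer::SANITIZE_WHITELIST. Every key listed here is
// passed through untouched even though it begins with '#', in all three
// parameter bags, so keep this empty unless your own code depends on such a key.
$settings['sanitize_input_whitelist'] = ['#allowed'];

// Read through RequestSanitizer::SANITIZE_LOG. TRUE makes the sanitizer report
// the keys it removed, which is how to find out what legitimate traffic would
// lose before whitelisting anything.
$settings['sanitize_input_logging'] = TRUE;
```

Leave logging enabled in a non-production environment for a while before touching the whitelist; if nothing is reported, the default empty whitelist is the right setting and every entry you add only widens what the sanitizer exists to block.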

Methods

static Request
sanitize(Request $request, string[] $whitelist, bool $log_sanitized_keys = FALSE)

Strips dangerous keys from user input.

static bool
processParameterBag(ParameterBag $bag, string[] $whitelist, bool $log_sanitized_keys, string $bag_name, string $message)

Processes a request parameter bag.

static array
checkDestination(string $destination, array $whitelist)

Checks a destination string to see if it is dangerous.

static mixed
stripDangerousValues(mixed $input, array $whitelist, array &$sanitized_keys)

Strips dangerous keys from $input.

Details

static Request sanitize(Request $request, string[] $whitelist, bool $log_sanitized_keys = FALSE)

Strips dangerous keys from user input. The query, request and cookies bags are each processed; then the destination parameter, if present in the query string or request body, is checked and removed entirely if its own query string contains a dangerous key. The request is marked with the SANITIZED attribute on completion so that later calls return immediately.

Parameters

Request $request

The incoming request to sanitize.

string[] $whitelist

An array of keys to whitelist as safe. See default.settings.php. Each entry re-admits one '#'-prefixed key to all three parameter bags, so list only keys your own code genuinely reads; the default is an empty array.

bool $log_sanitized_keys

(optional) Set to TRUE to log keys that are sanitized.

Return Value

Request

The same request instance, modified in place.

static protected bool processParameterBag(ParameterBag $bag, string[] $whitelist, bool $log_sanitized_keys, string $bag_name, string $message)

Processes a request parameter bag.

Parameters

ParameterBag $bag

The parameter bag to process.

string[] $whitelist

An array of keys to whitelist as safe.

bool $log_sanitized_keys

Set to TRUE to log keys that are sanitized.

string $bag_name

The request parameter bag name. Either 'query', 'request' or 'cookies'.

string $message

The message to log if the parameter bag contains keys that are removed. If the message contains %s, it is replaced with the list of removed keys.

Return Value

bool

TRUE if one or more keys were removed from the parameter bag, FALSE if it was left unchanged.

static protected array checkDestination(string $destination, array $whitelist)

Checks a destination string to see if it is dangerous.

Parameters

string $destination

The destination string to check.

array $whitelist

An array of keys to whitelist as safe.

Return Value

array

The dangerous keys found in the destination's query string; an empty array when the destination is safe.

static protected mixed stripDangerousValues(mixed $input, array $whitelist, array &$sanitized_keys)

Strips dangerous keys from $input.

Parameters

mixed $input

The input to sanitize.

array $whitelist

An array of keys to whitelist as safe.

array $sanitized_keys

An array that collects the keys removed during this call. It is passed by reference so the caller can log them.

Return Value

mixed

The sanitized input: for an array, the same structure with dangerous keys removed at every nesting level; any non-array input is returned unchanged.
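The following PHPUnit test is an added example, not one of Drupal core's own tests, and exercises the behaviour documented above for sanitize(), the per-bag processing, checkDestination() and the recursion in stripDangerousValues(). It assumes it is placed under core/tests/Drupal/Tests/Core/Security/ in a Drupal checkout so that the Drupal and Symfony classes autoload; every request value, the whitelist entry '#allowed' and the paths are constructed for illustration.

```php
<?php

namespace Drupal\Tests\Core\Security;

use Drupal\Core\Security\RequestSanitizer;
use Drupal\Tests\UnitTestCase;
use Symfony\Component\HttpFoundation\Request;

/**
 * Added example (not core's own test) exercising RequestSanitizer::sanitize().
 *
 * Assumes a Drupal checkout for autoloading. All request data, the whitelist
 * entry '#allowed' and the paths below are constructed for illustration.
 */
class RequestSanitizerExampleTest extends UnitTestCase {

  public function testHashKeysAreStrippedFromEveryBag() {
    // Constructed POST: query string, body and cookies each carry a '#' key
    // next to an ordinary one; the body also nests a '#' key inside an array.
    $request = Request::create(
      '/example/form?title=hello&%23markup=x',
      'POST',
      ['body' => 'text', '#type' => 'markup', 'nested' => ['#attached' => 'y', 'ok' => 1]],
      ['session' => 'abc', '#cookie' => 'z']
    );

    $sanitized = RequestSanitizer::sanitize($request, ['#allowed'], FALSE);

    // sanitize() modifies the request in place and returns the same instance.
    $this->assertSame($request, $sanitized);

    // Ordinary keys survive in every bag.
    $this->assertSame('hello', $request->query->get('title'));
    $this->assertSame('text', $request->request->get('body'));
    $this->assertSame('abc', $request->cookies->get('session'));

    // '#' keys are gone from every bag, including inside nested arrays.
    $this->assertFalse($request->query->has('#markup'));
    $this->assertFalse($request->request->has('#type'));
    $this->assertSame(['ok' => 1], $request->request->all()['nested']);
    $this->assertFalse($request->cookies->has('#cookie'));

    // The request is marked, so a second call is a no-op.
    $this->assertTrue($request->attributes->get(RequestSanitizer::SANITIZED));
  }

  public function testWhitelistedKeyIsKept() {
    // '%23' decodes to '#' when the query string is parsed.
    $request = Request::create('/example?%23allowed=1&%23other=2');
    RequestSanitizer::sanitize($request, ['#allowed']);

    $this->assertSame('1', $request->query->get('#allowed'));
    $this->assertFalse($request->query->has('#other'));
  }

  public function testDestinationCarryingHashKeyIsRemoved() {
    // destination decodes to "/node/1?%23markup=x": a URL whose own query
    // string contains a '#' key. The whole parameter is dropped, not edited,
    // because the destination is reused elsewhere and cannot be safely fixed up.
    $request = Request::create('/user/login?destination=%2Fnode%2F1%3F%2523markup%3Dx');
    RequestSanitizer::sanitize($request, []);
    $this->assertFalse($request->query->has('destination'));

    // A destination with only ordinary query keys is left alone.
    $request = Request::create('/user/login?destination=%2Fnode%2F1%3Fpage%3D2');
    RequestSanitizer::sanitize($request, []);
    $this->assertSame('/node/1?page=2', $request->query->get('destination'));
  }

}
```

Note the double encoding in the destination case: the '#' inside the destination must itself be percent-encoded (%23) for the inner URL to parse it as a query key rather than a fragment, so it appears as %2523 in the outer query string. That is exactly the shape checkDestination() has to see through, and the example shows that sanitize() removes the whole destination rather than trying to rewrite it.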