  1. Drupal Core 11.1.x
  2. RequestSanitizer.php

function RequestSanitizer::sanitize

Strips dangerous keys from user input.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The incoming request to sanitize.

string[] $safe_keys: An array of keys to consider safe.

bool $log_sanitized_keys: (optional) Set to TRUE to log keys that are sanitized.

Return value

\Symfony\Component\HttpFoundation\Request The sanitized request.

1 call to RequestSanitizer::sanitize()
DrupalKernel::preHandle in core/lib/Drupal/Core/DrupalKernel.php
Helper method that does request related initialization.

File

core/lib/Drupal/Core/Security/RequestSanitizer.php, line 42

Class

RequestSanitizer
Sanitizes user input.

Namespace

Drupal\Core\Security

Code

public static function sanitize(Request $request, array $safe_keys, $log_sanitized_keys = FALSE) {
    // Run only once per request: the SANITIZED attribute marks a request that
    // has already been processed.
    if (!$request->attributes->get(self::SANITIZED, FALSE)) {
        $update_globals = FALSE;
        // Parameter bag name => message template passed to processParameterBag().
        $bags = [
            'query' => 'Potentially unsafe keys removed from query string parameters (GET): %s',
            'request' => 'Potentially unsafe keys removed from request body parameters (POST): %s',
            'cookies' => 'Potentially unsafe keys removed from cookie parameters: %s',
        ];
        foreach ($bags as $bag => $message) {
            // A truthy return from any bag means the globals must be refreshed.
            if (static::processParameterBag($request->{$bag}, $safe_keys, $log_sanitized_keys, $bag, $message)) {
                $update_globals = TRUE;
            }
        }
        if ($update_globals) {
            // Write the request's values back to the PHP superglobals.
            $request->overrideGlobals();
        }
        $request->attributes->set(self::SANITIZED, TRUE);
    }
    return $request;
}
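
The control flow above, modelled as a stand-alone script. This is an added example, not Drupal's code: `strip_unsafe_keys()`, `sanitize_request()` and the plain-array request layout are hypothetical, and the rule that a key is unsafe when it starts with `#` and is not listed in `$safe_keys` is an assumption, since `processParameterBag()` is not shown on this page.

```php
<?php
// Stand-alone model of the flow above; not Drupal's code.
// Assumption: a key is unsafe when it starts with '#' and is not in $safe_keys.

/** Recursively drops unsafe keys and records each removed key in $removed. */
function strip_unsafe_keys($input, array $safe_keys, array &$removed) {
  if (!is_array($input)) {
    return $input;
  }
  foreach ($input as $key => $value) {
    $name = (string) $key;
    if ($name !== '' && $name[0] === '#' && !in_array($name, $safe_keys, TRUE)) {
      unset($input[$key]);
      $removed[] = $name;
    }
    else {
      $input[$key] = strip_unsafe_keys($value, $safe_keys, $removed);
    }
  }
  return $input;
}

/** Cleans each bag once; a request already flagged is returned untouched. */
function sanitize_request(array $request, array $safe_keys): array {
  if (!empty($request['attributes']['sanitized'])) {
    return $request;
  }
  foreach (['query', 'request', 'cookies'] as $bag) {
    $removed = [];
    $request[$bag] = strip_unsafe_keys($request[$bag] ?? [], $safe_keys, $removed);
    if ($removed) {
      // Stand-in for the optional logging step.
      $request['log'][] = $bag . ': ' . implode(', ', $removed);
    }
  }
  $request['attributes']['sanitized'] = TRUE;
  return $request;
}

// Constructed sample request: plain arrays stand in for the parameter bags.
$request = [
  'query' => ['destination' => '/admin', '#injected' => '1'],
  'request' => ['name' => ['value' => 'alice', '#injected' => 'x'], '#allowed' => 'kept'],
  'cookies' => ['session' => 'abc'],
  'attributes' => [],
];
$clean = sanitize_request($request, ['#allowed']);
print_r($clean['request']);
print_r($clean['log']);
```

The nested `#injected` key under `name` is removed as well as the top-level one, while `#allowed` survives because it is in the safe list.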
