function RequestSanitizer::checkDestination

Same name in other branches
  1. 8.9.x core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::checkDestination()
  2. 10 core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::checkDestination()
  3. 11.x core/lib/Drupal/Core/Security/RequestSanitizer.php \Drupal\Core\Security\RequestSanitizer::checkDestination()

Checks a destination string to see if it is dangerous.

Parameters

string $destination: The destination string to check.

string[] $safe_keys: An array of keys to consider safe.

Return value

array The dangerous keys found in the destination parameter.

1 call to RequestSanitizer::checkDestination()
RequestSanitizer::processParameterBag in core/lib/Drupal/Core/Security/RequestSanitizer.php
Processes a request parameter bag.

File

core/lib/Drupal/Core/Security/RequestSanitizer.php, line 139

Class

RequestSanitizer
Sanitizes user input.

Namespace

Drupal\Core\Security

Code

protected static function checkDestination($destination, array $safe_keys) {
    $dangerous_keys = [];
    $parts = UrlHelper::parse($destination);
    // If there is a query string, check its query parameters.
    if (!empty($parts['query'])) {
        static::stripDangerousValues($parts['query'], $safe_keys, $dangerous_keys);
    }
    return $dangerous_keys;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.