Coding standards
Security in ResourceSpace
Developer reference
Database
Action functions
Admin functions
Ajax functions
Annotation functions
API functions
Collections functions
Comment functions
Config functions
CSV export functions
Dash functions
Debug functions
Encryption functions
Facial recognition functions
File functions
General functions
Language functions
Log functions
Login functions
Message functions
Migration functions
Node functions
PDF functions
Plugin functions
Render functions
Reporting functions
Request functions
Research functions
Slideshow functions
Theme permission functions
User functions
Video functions
Database functions
Metadata functions
Resource functions
Search functions
Map functions
Job functions
Tab functions
Test functions

config_clean()

Description

Utility function to "clean" the passed $config. Cleaning consists of two parts:
Suppressing really simple XSS attacks by refusing to allow strings
containing the characters "<script" in upper, lower or mixed case.
Unescaping instances of "'" and '"' that have been escaped by the
lovely magic_quotes_gpc facility, if it's on.

Parameters

ColumnTypeDefaultDescription
$config
mixed $config thing to be cleaned.

Return

a cleaned version of $config.

Location

include/config_functions.php lines 403 to 420

Definition

 
function config_clean($config)
    {
    if (
is_array($config))
        {
        foreach (
$config as &$item)
            {
            
$item config_clean($item);
            }
        }
    elseif (
is_string($config))
        {
        if (
strpos(strtolower($config),"<script") !== false)
            {
            
$config '';
            }
        }
    return 
$config;
    }

This article was last updated 13th December 2024 20:35 Europe/London time based on the source file dated 11th December 2024 15:55 Europe/London time.