class Sanitize (View source)

This class includes various sanitization methods that can be called statically

Methods

static bool
checkLink(string $url, bool $http = false, bool $other = false)

Checks whether given link is valid

static bool
isSetup()

Check if we are currently on a setup folder page

static string
convertBBCode(string $message, bool $safe = false)

Sanitizes $message, taking into account our special codes for formatting.

static string
sanitizeFilename(string $filename, bool $replaceDots = false)

Sanitize a filename by removing anything besides legit characters

static string
getJsValue(string $key, mixed $value)

Formats an javascript assignment with proper escaping of a value and support for assigning array of strings.

static void
removeRequestVars(array $allowList)

Removes all variables from request except allowed ones.

Details

Checks whether given link is valid

Parameters

string $url

URL to check

bool $http

Whether to allow http links

bool $other

Whether to allow ftp and mailto links

Return Value

bool

static bool isSetup()

Check if we are currently on a setup folder page

Return Value

bool

static string convertBBCode(string $message, bool $safe = false)

Sanitizes $message, taking into account our special codes for formatting.

Parameters

string $message

the message

bool $safe

whether string is safe (can keep < and > chars)

Return Value

string

static string sanitizeFilename(string $filename, bool $replaceDots = false)

Sanitize a filename by removing anything besides legit characters

Intended usecase: When using a filename in a Content-Disposition header the value should not contain ; or "

When exporting, avoiding generation of an unexpected double-extension file

Parameters

string $filename

The filename

bool $replaceDots

Whether to also replace dots

Return Value

string

the sanitized filename

static string getJsValue(string $key, mixed $value)

Formats an javascript assignment with proper escaping of a value and support for assigning array of strings.

Parameters

string $key

Name of value to set

mixed $value

Value to set, can be either string or array of strings

Return Value

string

Javascript code.

static void removeRequestVars(array $allowList)

Removes all variables from request except allowed ones.

Parameters

array $allowList

list of variables to allow

Return Value

void