Digi92
4/15/2019 - 8:58 AM

Security - Remove all suspicious characters from $_GET parameter

This function will remove all suspicious characters from a $_GET parameter. This has only a security reason. Source: https://stackoverflow.com/a/1886296

FilterUrl
content_copyfile_download
    /**
     * This function will remove all suspicious characters from a $_GET parameter
     *
     * @param $url
     * @return array|string|string[]|null
     */
    protected function filterUrl($url)
    {
        if (is_array($url))
        {
            foreach ($url as $key => $value)
            {
                // recurssion
                $url[$key] = $this->filterUrl($value);
            }
            return $url;
        }
        else
        {
            // remove everything except for a-zA-Z0-9_.-&=
            $url = preg_replace('/[^a-zA-Z0-9_\.\-&=]/', '', $url);
            return $url;
        }
    }