config_clean()

Coding standards

Security in ResourceSpace

Developer reference

Database

Action functions

Admin functions

Ajax functions

Annotation functions

API functions

Collections functions

Comment functions

Config functions

CSV export functions

Dash functions

Debug functions

Encryption functions

Facial recognition functions

File functions

General functions

Language functions

Log functions

Message functions

Migration functions

Node functions

PDF functions

Plugin functions

Render functions

Reporting functions

Request functions

Research functions

Slideshow functions

Theme permission functions

User functions

Video functions

Database functions

Metadata functions

Resource functions

Search functions

Map functions

Job functions

Tab functions

Test functions

Description

Utility function to "clean" the passed $config. Cleaning consists of two parts:
Suppressing really simple XSS attacks by refusing to allow strings
containing the characters "<script" in upper, lower or mixed case.
Unescaping instances of "'" and '"' that have been escaped by the
lovely magic_quotes_gpc facility, if it's on.

Parameters

Column	Type	Default	Description
$config
mixed	$config		thing to be cleaned.

Return

a	cleaned version of $config.

Location

include/config_functions.php lines 531 to 543

Definition


 
function config_clean($config)
{
    if (is_array($config)) {
        foreach ($config as &$item) {
            $item = config_clean($item);
        }
    } elseif (is_string($config)) {
        if (strpos(strtolower($config), "<script") !== false) {
            $config = '';
        }
    }
    return $config;
}

This article was last updated 23rd June 2025 20:35 Europe/London time based on the source file dated 4th June 2025 16:05 Europe/London time.