config_clean()

Description

Utility function to "clean" the passed $config. Cleaning consists of two parts:
Suppressing really simple XSS attacks by refusing to allow strings
containing the characters "<script" in upper, lower or mixed case.
Unescaping instances of "'" and '"' that have been escaped by the
lovely magic_quotes_gpc facility, if it's on.

Parameters

ColumnTypeDefaultDescription
$config
mixed $config thing to be cleaned.

Return

a cleaned version of $config.

Location

include/config_functions.php lines 531 to 543

Definition

 
function config_clean($config)
{
    if (
is_array($config)) {
        foreach (
$config as &$item) {
            
$item config_clean($item);
        }
    } elseif (
is_string($config)) {
        if (
strpos(strtolower($config), "<script") !== false) {
            
$config '';
        }
    }
    return 
$config;
}

This article was last updated 3rd June 2025 21:35 Europe/London time based on the source file dated 23rd May 2025 11:20 Europe/London time.