validate_build_url()

Coding standards

Security in ResourceSpace

Developer reference

Database

Action functions

Admin functions

Ajax functions

Annotation functions

API functions

Collections functions

Comment functions

Config functions

CSV export functions

Dash functions

Debug functions

Encryption functions

Facial recognition functions

File functions

General functions

Language functions

Log functions

Message functions

Migration functions

Node functions

PDF functions

Plugin functions

Render functions

Reporting functions

Request functions

Research functions

Slideshow functions

Theme permission functions

User functions

Video functions

Database functions

Metadata functions

Resource functions

Search functions

Map functions

Job functions

Tab functions

Test functions

Description

Sanitise the url provided when saving a dash tile. This function will take the value obtained by the form and pass it through if valid.
If the url supplied is invalid, a blank value will be returned allowing the default standard tile type to be used.

Parameters

Column	Type	Default	Description
$buildurl	string		url supplied when dash tile is edited, containing a number of optional parameters.

Return

string

A valid url or empty string if invalid.

Location

include/dash_functions.php lines 2037 to 2088

Definition


 
function validate_build_url($buildurl)
{
    global $tile_styles;

    if ($buildurl != "") {
        # Sanitise the url provided.
        $build_url_parts = explode('?', $buildurl);
        $valid_tile_urls = array();
        $valid_tile_urls[] = 'pages/ajax/dash_tile.php';
        $valid_tile_urls[] = 'pages/team/ajax/graph.php';

        if (!in_array($build_url_parts[0], $valid_tile_urls)) {
            // Url is invalid
            $buildurl = "";
        } else {
            parse_str(($build_url_parts[1] ?? ""), $build_url_parts_param);
            foreach ($build_url_parts_param as $param => $value) {
                switch ($param) {
                    case 'tltype':
                        # type checks
                        if (!array_key_exists($value, $tile_styles)) {
                            $buildurl = "";
                        }
                        break;
                    case 'tlsize':
                        # size checks
                        if (!in_array($value, array('single','double',''))) {
                            $buildurl = "";
                        }
                        break;
                    case 'tlstyle':
                        # style checks
                        $all_tile_styles = array();
                        foreach ($tile_styles as $tile_type_style) {
                            $all_tile_styles = array_merge($all_tile_styles, $tile_type_style);
                        }
                        if (!in_array($value, $all_tile_styles)) {
                            $buildurl = "";
                        }
                        break;
                    case 'promimg':
                        # img checks
                        if (!is_int_loose($value) && !is_bool($build_url_parts_param[1])) {
                            $buildurl = "";
                        }
                        break;
                }
            }
        }
    }
    return $buildurl;
}

This article was last updated 30th June 2025 17:35 Europe/London time based on the source file dated 17th April 2025 17:40 Europe/London time.

Knowledge Base