Voting

The Note You're Voting On

4 years ago
Sample function to sanitize a full URL:
<?php
private function sanitizeUrl($url){
        $parts = parse_url($url);

        // Optional but we only sanitize URLs with scheme and host defined
        if($parts === false || empty($parts["scheme"]) || empty($parts["host"])){
            return $url;
        }

        $sanitizedPath = null;
        if(!empty($parts["path"])){
            $pathParts = explode("/", $parts["path"]);
            foreach($pathParts as $pathPart){
                if(empty($pathPart)) continue;
                // The Path part might already be urlencoded
                $sanitizedPath .= "/" . rawurlencode(rawurldecode($pathPart));
            }
        }

        // Build the url
        $targetUrl = $parts["scheme"] . "://" .
            ((!empty($parts["user"]) && !empty($parts["pass"])) ? $parts["user"] . ":" . $parts["pass"] . "@" : "") .
            $parts["host"] .
            (!empty($parts["port"]) ? ":" . $parts["port"] : "") .
            (!empty($sanitizedPath) ? $sanitizedPath : "") .
            (!empty($parts["query"]) ? "?" . $parts["query"] : "") .
            (!empty($parts["fragment"]) ? "#" . $parts["fragment"] : "");

        return $targetUrl;
    }
?>
<< Back to user notes page