- // Cookie parameters.
- $cookie_sanitized_keys = [];
- $request->cookies->replace(static::stripDangerousValues($request->cookies->all(), $whitelist, $cookie_sanitized_keys));
- if ($log_sanitized_keys && !empty($cookie_sanitized_keys)) {
- trigger_error(sprintf('Potentially unsafe keys removed from cookie parameters: %s', implode(', ', $cookie_sanitized_keys)));
+ /**
+ * Processes a request parameter bag.
+ *
+ * @param \Symfony\Component\HttpFoundation\ParameterBag $bag
+ * The parameter bag to process.
+ * @param string[] $whitelist
+ * An array of keys to whitelist as safe.
+ * @param bool $log_sanitized_keys
+ * Set to TRUE to log keys that are sanitized.
+ * @param string $bag_name
+ * The request parameter bag name. Either 'query', 'request' or 'cookies'.
+ * @param string $message
+ * The message to log if the parameter bag contains keys that are removed.
+ * If the message contains %s that is replaced by a list of removed keys.
+ *
+ * @return bool
+ * TRUE if the parameter bag has been sanitized, FALSE if not.
+ */
+ protected static function processParameterBag(ParameterBag $bag, $whitelist, $log_sanitized_keys, $bag_name, $message) {
+ $sanitized = FALSE;
+ $sanitized_keys = [];
+ $bag->replace(static::stripDangerousValues($bag->all(), $whitelist, $sanitized_keys));
+ if (!empty($sanitized_keys)) {
+ $sanitized = TRUE;
+ if ($log_sanitized_keys) {
+ trigger_error(sprintf($message, implode(', ', $sanitized_keys)));