The sanitizedDest function in UserSpice is used to sanitize and validate a destination URL parameter. It checks if the destination is a legitimate page in the database or if it has been whitelisted by the administrator.
Location
users/helpers/us_helpers.php
Parameters
#
Parameter
Data Type
Required
Description
1
$varname = 'dest'
string
No
The name of the URL parameter to sanitize. By default, it is set to 'dest'.
Returns
Data Type
Description of Returned Data
string
The function returns either the sanitized destination (string) if it is legitimate, or false if it is not.
Further Documentation:
$destination = sanitizedDest('redirect');
if ($destination) {
// Valid destination, redirect the user
Redirect::to($destination);
} else {
// Invalid destination, redirect to a default page
Redirect::to($us_url_root.'home.php');
}
In the example above, the sanitizedDest function is called with the $varname parameter set to 'redirect'. It retrieves the sanitized destination URL, and if it is a legitimate page or whitelisted by the administrator, the user is redirected to that destination.
If the sanitizedDest function returns false, indicating that the destination is invalid, the user is redirected to a default page (e.g., 'home.php'). This helps prevent unauthorized or malicious redirections.
Note that the sanitizedDest function relies on other components such as Input::get, DB::getInstance, and Config::get, which should be properly implemented and configured in your UserSpice installation.