Last active
February 16, 2026 04:16
Polyfill for FILTER_SANITIZE_STRING deprecated as of PHP 8.1.0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
<?php
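/**
 * Userland stand-in for the FILTER_SANITIZE_STRING filter, deprecated as of PHP 8.1.0.
 *
 * Tags are removed with strip_tags(), NUL bytes are dropped, and the remaining
 * bytes are stripped or rewritten as numeric character references ("&#NN;")
 * according to $flags. Encoding is done in one pass over the input so that the
 * "&" inside a reference produced by FILTER_FLAG_ENCODE_LOW / FILTER_FLAG_ENCODE_HIGH
 * is never re-encoded when FILTER_FLAG_ENCODE_AMP is also set.
 *
 * Security note: this is a compatibility shim, not a context-aware output encoder.
 * By default "&" is left untouched, and FILTER_FLAG_NO_ENCODE_QUOTES leaves quotes
 * raw, so the result must still be escaped for the context it is written into
 * (for HTML, htmlspecialchars() at the point of output). strip_tags() alone should
 * not be relied on as an XSS defence.
 *
 * @param mixed $value Scalar or null input; anything else is rejected.
 * @param int   $flags Bitmask of FILTER_FLAG_* constants.
 * @return string|null|false Sanitized string; null for an empty string when
 *                           FILTER_FLAG_EMPTY_STRING_NULL is set; false for
 *                           non-scalar, non-null input.
 */
function filter_sanitize_string($value, $flags = 0) {
    if (($flags & FILTER_FLAG_EMPTY_STRING_NULL) && $value === "") {
        return null;
    }
    // Arrays, objects and resources cannot be sanitized as a string.
    if (!(is_scalar($value) || is_null($value))) {
        return false;
    }
    // Strip HTML tags and remove NUL bytes
    $value = str_replace("\0", "", strip_tags((string)$value));

    // Byte-by-byte on purpose: multi-byte UTF-8 sequences are handled as
    // individual high bytes, which is what the strip/encode-high flags act on.
    $output = "";
    for ($i = 0, $n = strlen($value); $i < $n; $i++) {
        $char = $value[$i];
        $ord = ord($char);

        if ($ord < 32) {
            $strip = $flags & FILTER_FLAG_STRIP_LOW;
            $encode = $flags & FILTER_FLAG_ENCODE_LOW;
        } elseif ($ord > 127) {
            $strip = $flags & FILTER_FLAG_STRIP_HIGH;
            $encode = $flags & FILTER_FLAG_ENCODE_HIGH;
        } elseif ($char === '`') {
            $strip = $flags & FILTER_FLAG_STRIP_BACKTICK;
            $encode = 0;
        } elseif ($char === '&') {
            // Ampersands are only encoded when explicitly requested.
            $strip = 0;
            $encode = $flags & FILTER_FLAG_ENCODE_AMP;
        } elseif ($char === "'" || $char === '"') {
            // Quotes are encoded unless the caller opts out.
            $strip = 0;
            $encode = !($flags & FILTER_FLAG_NO_ENCODE_QUOTES);
        } else {
            $strip = 0;
            $encode = 0;
        }

        // Stripping wins over encoding when both flags of a class are set.
        if ($strip) {
            continue;
        }
        // Same numeric-reference form for every encoded byte (& -> &#38;, " -> &#34;, ' -> &#39;).
        $output .= $encode ? "&#$ord;" : $char;
    }
    return $output;
}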
General filter flags are passed to filter_var() under the 'flags' key of its options array:
// Array input with a general filter flag: 'flags' sits next to the callback in
// the options array. The dump printed after this snippet shows NULL.
$sanitized = filter_var([], FILTER_CALLBACK, [
    'options' => fn($value) => filter_sanitize_string(
        $value,
        FILTER_FLAG_STRIP_LOW | FILTER_FLAG_ENCODE_HIGH
    ),
    'flags' => FILTER_NULL_ON_FAILURE,
]);
var_dump($sanitized);
NULL
// Same call without a 'flags' entry: only the callback is supplied.
// The dump printed after this snippet shows an empty array.
$sanitized = filter_var([], FILTER_CALLBACK, [
    'options' => fn($value) => filter_sanitize_string(
        $value,
        FILTER_FLAG_STRIP_LOW | FILTER_FLAG_ENCODE_HIGH
    ),
]);
var_dump($sanitized);
array(0) {
}
Polyfill tests
Deprecated tests