X-Git-Url: http://www.aleph1.co.uk/gitweb/?p=yaffs-website;a=blobdiff_plain;f=web%2Fcore%2Flib%2FDrupal%2FCore%2FDrupalKernel.php;fp=web%2Fcore%2Flib%2FDrupal%2FCore%2FDrupalKernel.php;h=fec1be9ad3a6163744a6cfde69965417b3121608;hp=37ed0e97a68d9fd88e848c292fbbf6f63503f3cb;hb=5e458ff8cb4924fd5fa03b80d8edfcc52fe43479;hpb=9917807b03b64faf00f6a1f29dcb6eafc454efa5

diff --git a/web/core/lib/Drupal/Core/DrupalKernel.php b/web/core/lib/Drupal/Core/DrupalKernel.php
index 37ed0e97a..fec1be9ad 100644
--- a/web/core/lib/Drupal/Core/DrupalKernel.php
+++ b/web/core/lib/Drupal/Core/DrupalKernel.php
@@ -20,6 +20,7 @@ use Drupal\Core\File\MimeType\MimeTypeGuesser;
 use Drupal\Core\Http\TrustedHostsRequestFactory;
 use Drupal\Core\Installer\InstallerRedirectTrait;
 use Drupal\Core\Language\Language;
+use Drupal\Core\Security\RequestSanitizer;
 use Drupal\Core\Site\Settings;
 use Drupal\Core\Test\TestDatabase;
 use Symfony\Cmf\Component\Routing\RouteObjectInterface;
@@ -542,6 +543,12 @@ class DrupalKernel implements DrupalKernelInterface, TerminableInterface {
    * {@inheritdoc}
    */
   public function preHandle(Request $request) {
+    // Sanitize the request.
+    $request = RequestSanitizer::sanitize(
+      $request,
+      (array) Settings::get(RequestSanitizer::SANITIZE_WHITELIST, []),
+      (bool) Settings::get(RequestSanitizer::SANITIZE_LOG, FALSE)
+    );
 
     $this->loadLegacyIncludes();