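/**
 * Reduce a template key or value to an allowlisted character set, then escape it.
 *
 * Every character other than a hyphen, an underscore or a PCRE "word"
 * character (\w) is removed. What remains is passed through
 * htmlspecialchars() and then WmfFramework::sanitize().
 *
 * NOTE(review): the pattern has no `u` modifier, so what \w matches follows
 * PCRE's character tables. Under a non-C LC_CTYPE locale it may admit bytes
 * above 0x7F; confirm the runtime locale if a strictly ASCII result is
 * required.
 *
 * NOTE(review): WmfFramework::sanitize() is defined outside this block, so
 * its escaping rules are not described here; verify against its definition.
 *
 * @param string $string The unsafe string to escape and check for invalid characters
 * @return string Sanitized version of input; if the character filter itself
 *                fails, the result of sanitizing an empty string
 */
public static function makeSafe($string) {
    $stripped = preg_replace('/[^-_\\w]/', '', $string);

    if ($stripped === null) {
        // preg_replace() reports a PCRE failure by returning null. Fail closed
        // with an empty string rather than handing null to htmlspecialchars(),
        // which is deprecated from PHP 8.1 onwards.
        $stripped = '';
    }

    // The allowlist above already removes every character htmlspecialchars()
    // would encode, so this call is defence in depth in case the pattern is
    // ever loosened.
    return WmfFramework::sanitize(htmlspecialchars($stripped));
}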