/** * Cleans all piVars for XSS vulnerabilities using external library and * updates values within $this->piVars as it cleans. * * @param * mixed Array of nested piVars or individual piVar value. */ public function cleanPiVarParam(&$param) { if (is_array($param)) { $arrayKeys = array_keys($param); foreach ($arrayKeys as $key) { $this->cleanPiVarParam($param[$key]); } } else { // Don't use default replaceString of <x> because strip-tags will later remove it. $param = \TYPO3\CMS\Cal\Utility\Functions::removeXSS($param, '--xxx--'); } }