• Модуль: rest
  • Путь к файлу: ~/bitrix/modules/rest/classes/general/rest.php
  • Класс: IRestService
  • Вызов: IRestService::sanitizeFilter
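/**
 * Validates the keys of a REST filter against allow-lists and returns the rebuilt filter.
 *
 * Every key is upper-cased and split into an operation prefix (the leading run of
 * non-letter characters) and a field name (the rest of the key, up to the first line
 * break). Both parts are checked against their allow-lists. The result key is rebuilt
 * from the two validated parts only.
 *
 * Security notes:
 * - Only keys are validated here. Values pass through unchanged (nested arrays included)
 *   unless $valueCallback is supplied, so value validation remains the caller's job.
 * - Allow-list entries are compared strictly and are expected to be strings; field names
 *   must be given in upper case because keys are upper-cased before the check.
 * - $valueCallback is invoked as-is and must be chosen by the calling code, never taken
 *   from request data.
 * - The exception messages contain the rejected operation or field verbatim.
 *   NOTE(review): confirm they are escaped wherever they are rendered.
 *
 * @param array         $filter              Filter as received from the client: (operation . field) => value.
 * @param array|null    $availableFields     Allowed field names, or null to skip the field check.
 * @param callable|null $valueCallback       Optional; called with (field, value, operation), its return value replaces the value.
 * @param array|null    $availableOperations Allowed operation prefixes, or null to use the default set.
 *
 * @return array Filter rebuilt from validated operation and field parts.
 *
 * @throws RestException If $filter is not an array, or an operation or field is not allowed.
 */
static function sanitizeFilter($filter, array $availableFields = null, $valueCallback = null, array $availableOperations = null)
{
	static $defaultOperations = array('', '=', '>', '<', '>=', '<=', '@', '%');

	if($availableOperations === null)
	{
		$availableOperations = $defaultOperations;
	}

	if(!is_array($filter))
	{
		throw new RestException('The filter is not an array.', RestException::ERROR_ARGUMENT, CRestServer::STATUS_WRONG_REQUEST);
	}

	$filter = array_change_key_case($filter, CASE_UPPER);

	$resultFilter = array();
	foreach($filter as $key => $value)
	{
		// Numeric keys arrive as integers; cast so the pattern always sees a string.
		if(preg_match('/^([^a-zA-Z]*)(.*)/', (string)$key, $matches))
		{
			$operation = $matches[1];
			$field = $matches[2];

			// Strict comparison: a loosely-typed allow-list entry (true, 0, null) must not
			// be able to match an arbitrary client-supplied operation or field.
			if(!in_array($operation, $availableOperations, true))
			{
				throw new RestException('Filter operation not allowed: '.$operation, RestException::ERROR_ARGUMENT, CRestServer::STATUS_WRONG_REQUEST);
			}

			if($availableFields !== null && !in_array($field, $availableFields, true))
			{
				throw new RestException('Filter field not allowed: '.$field, RestException::ERROR_ARGUMENT, CRestServer::STATUS_WRONG_REQUEST);
			}

			if(is_callable($valueCallback))
			{
				$value = call_user_func_array($valueCallback, array($field, $value, $operation));
			}

			// Rebuild the key from the validated parts rather than reusing the raw key.
			$resultFilter[$operation.$field] = $value;
		}
	}

	return $resultFilter;
}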