PHP9 - Security Issues February 15, 2012 04:07PM |
Registered: 12 years ago Posts: 31 Rating: 0 |
Re: PHP9 - Security Issues February 16, 2012 11:02PM |
Registered: 12 years ago Posts: 116 Rating: 0 |
Re: PHP9 - Security Issues February 22, 2012 08:21PM |
Registered: 12 years ago Posts: 15 Rating: 0 |
Re: PHP9 - Security Issues February 23, 2012 10:04AM |
Registered: 12 years ago Posts: 77 Rating: 0 |
Language: PHP
[database]
user=root
password=' '
host=localhost
select=true
database=chapter7

[general]
record_per_page=20
site_name=Introduction to php
seo_default_title=%s %s - Awesome PHP
seo_default_description=<p>Looking for a %s in %s?</p>

// To read this file, I constructed the following code
// (second argument true = return one sub-array per [section])
$general_config_options = parse_ini_file("config.ini", true);
$database_config_options = $general_config_options["database"];
$host = $database_config_options["host"];
$username = $database_config_options["user"];
$password = $database_config_options["password"];
Re: PHP9 - Security Issues February 23, 2012 12:48PM |
Admin Registered: 18 years ago Posts: 10,001 Rating: 353 |
Re: PHP9 - Security Issues February 24, 2012 09:59AM |
Registered: 12 years ago Posts: 77 Rating: 0 |
Re: PHP9 - Security Issues February 25, 2012 04:09PM |
Registered: 12 years ago Posts: 115 Rating: 0 |
Re: PHP9 - Security Issues February 25, 2012 09:43PM |
Registered: 12 years ago Posts: 31 Rating: 0 |
Is this really the reason why someone would use htmlentities() over htmlspecialchars()? I googled around a bit and found a lot of over-my-head discussions about vulnerabilities between different character sets. If a hacker could 'launch an attack in a language that is not English' why would anyone use htmlspecialchars() over htmlentities()? It sounds like a very strange explanation to me.

Quote:
> So if you think your attacker might launch an attack in a language that is not English, then use [htmlentities()]
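
What the two functions emit for the same input, as an added example that is not part of the original thread: it compares them on the HTML metacharacters, on accented text, and on bytes that do not match the declared encoding. The sample strings and the helper name `escapeBoth()` are constructed for illustration, and the script is assumed to be saved and served as UTF-8.

```php
<?php
// Added example, not code from the thread. The sample strings are constructed;
// this file and the page are assumed to be UTF-8.

$flags = ENT_QUOTES | ENT_SUBSTITUTE; // both quote styles; invalid bytes become U+FFFD

// Hypothetical helper: returns the output of both functions for the same input.
function escapeBoth(string $s, int $flags): array
{
    return [
        'htmlspecialchars' => htmlspecialchars($s, $flags, 'UTF-8'),
        'htmlentities'     => htmlentities($s, $flags, 'UTF-8'),
    ];
}

// 1. The five characters with meaning in HTML get the same treatment from both.
foreach (['&', '<', '>', '"', "'"] as $ch) {
    $out = escapeBoth($ch, $flags);
    printf("%s  %-8s %-8s same=%s\n", $ch, $out['htmlspecialchars'],
        $out['htmlentities'], var_export($out['htmlspecialchars'] === $out['htmlentities'], true));
}

// 2. They differ only on characters that have a named entity but no markup
//    meaning: htmlentities() rewrites them, htmlspecialchars() leaves them alone.
$text = "Zoë & 'Tarzan' said <b>\"héllo\"</b>";
foreach (escapeBoth($text, $flags) as $fn => $escaped) {
    echo str_pad($fn, 18), $escaped, "\n";
}

// 3. The encoding argument must match the data. Bytes that are not valid in
//    the declared encoding (here ISO-8859-1 input declared as UTF-8) make
//    either function return an empty string unless ENT_SUBSTITUTE or
//    ENT_IGNORE is set.
$latin1 = "Zo\xEB <b>";
foreach (['ENT_QUOTES' => ENT_QUOTES, 'ENT_QUOTES|ENT_SUBSTITUTE' => $flags] as $name => $f) {
    foreach (escapeBoth($latin1, $f) as $fn => $escaped) {
        printf("%-26s %-18s %s\n", $name, $fn, var_export($escaped, true));
    }
}
```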
Re: PHP9 - Security Issues February 26, 2012 11:53PM |
Registered: 12 years ago Posts: 31 Rating: 0 |
Re: PHP9 - Security Issues February 27, 2012 07:39AM |
Admin Registered: 18 years ago Posts: 10,001 Rating: 353 |
Re: PHP9 - Security Issues March 01, 2012 07:56PM |
Registered: 13 years ago Posts: 159 Rating: 0 |
Re: PHP9 - Security Issues March 02, 2012 08:14AM |
Admin Registered: 18 years ago Posts: 10,001 Rating: 353 |
> Is this really the reason why someone would use
> Quote:
> So if you think your attacker might launch
> an attack in a language that is not English, then
> use [htmlentities()]
Re: PHP9 - Security Issues March 03, 2012 12:10PM |
Registered: 12 years ago Posts: 45 Rating: 0 |
Re: PHP9 - Security Issues March 09, 2012 02:51PM |
Registered: 12 years ago Posts: 77 Rating: 0 |
Re: PHP9 - Security Issues March 09, 2012 04:56PM |
Registered: 12 years ago Posts: 116 Rating: 0 |
Re: PHP9 - Security Issues March 11, 2012 11:33PM |
Registered: 12 years ago Posts: 73 Rating: 0 |
Re: PHP9 - Security Issues March 11, 2012 11:55PM |
Registered: 12 years ago Posts: 73 Rating: 0 |
Language: PHP
<?php
$My_string = "<p>This is example of paragraph</p>, <div>This is an example of division,</div> <p>This is another example of paragraph</p>, <span>This is an example of span tag.</span>";
$stripped_string = strip_tags($My_string, "<div>");
echo $stripped_string;
?>
Language: PHP
This is example of paragraph, This is an example of division, This is another example of paragraph, This is an example of span tag.
Re: PHP9 - Security Issues March 11, 2012 11:59PM |
Registered: 12 years ago Posts: 73 Rating: 0 |
Language: PHP
<?php
$My_string = "<p>This is example of paragraph</p>, <div>This is an example of division,</div> <p>This is another example of paragraph</p>, <span>This is an example of span tag.</span>";
$stripped_string = strip_tags($My_string);
echo $stripped_string;
?>
Language: PHP
This is example of paragraph, This is an example of division, This is another example of paragraph, This is an example of span tag.
Re: PHP9 - Security Issues March 12, 2012 12:00AM |
Registered: 12 years ago Posts: 7 Rating: 0 |
Language: PHP
function clean($data) {
    $dataA = strip_tags($data);
    $dataB = trim($dataA);
    $dataC = mysql_real_escape_string($dataB);
    $dataD = str_replace("", "'", $dataC);
    $dataE = str_replace("", '"', $dataD);
    $dataF = str_replace("", '|', $dataE);
    $dataG = str_replace("", "/", $dataF);
    $dataH = str_replace("", "`", $dataG);
    $dataI = stripslashes($dataH);
    //// error on textarea: (rn) ////
    return $dataI;
}

I use this function to clean the user's input, but the str_replace calls don't work: if I enter Hell`o it echoes out the same. Why is it not removing the ` " ' / \ ? Any better method? Thanks.
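
One answer to "any better method?", as an added example that is not part of the original thread: instead of a single clean() function that strips characters, pass the raw value to the database as a bound parameter and escape it only when it is written into HTML. It assumes the pdo_sqlite extension is loaded; the `comments` table, its columns and the `e()` helper are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// the table, its columns and the helper e() are hypothetical.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample input containing the characters the post tries to remove.
$author = "O'Brien";
$body   = "Hell`o \"world\" <b>a/b</b> \\ | ;";

// 1. Validate what has a known shape (length here); reject rather than rewrite.
if ($author === '' || strlen($author) > 64 || strlen($body) > 2000) {
    throw new InvalidArgumentException('author or body has an invalid length');
}

// 2. Storage: bound parameters keep the data out of the SQL text, so no
//    escaping, stripping or str_replace() is needed before the query.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
$insert->execute([':author' => $author, ':body' => $body]);

// 3. Output: escape for the context the value is written into (HTML here).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$select = $pdo->prepare('SELECT author, body FROM comments WHERE author = :author');
$select->execute([':author' => $author]);

foreach ($select->fetchAll(PDO::FETCH_ASSOC) as $row) {
    // The stored value is compared with what was submitted: nothing was altered.
    var_dump($row['body'] === $body);
    echo '<p><strong>', e($row['author']), '</strong>: ', e($row['body']), "</p>\n";
}
```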
Re: PHP9 - Security Issues March 12, 2012 12:32AM |
Registered: 12 years ago Posts: 73 Rating: 0 |
Language: PHP
<?php
$str = "Jane &amp; &#039;Tarzan&#039;";
echo htmlspecialchars_decode($str);
echo "<br />";
echo htmlspecialchars_decode($str, ENT_QUOTES);
echo "<br />";
echo htmlspecialchars_decode($str, ENT_NOQUOTES);
?>
Re: PHP9 - Security Issues March 12, 2012 12:37AM |
Registered: 12 years ago Posts: 73 Rating: 0 |
Re: PHP9 - Security Issues March 12, 2012 12:57AM |
Registered: 12 years ago Posts: 73 Rating: 0 |
Language: PHP
<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new;
?>
Language: PHP
&lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;
Re: PHP9 - Security Issues March 12, 2012 01:00AM |
Registered: 12 years ago Posts: 73 Rating: 0 |
Language: PHP
<?php
$str = "A 'quote' is <b>bold</b>";
echo htmlentities($str);
echo htmlentities($str, ENT_QUOTES);
?>
Language: PHP
A 'quote' is &lt;b&gt;bold&lt;/b&gt;
A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;
Re: PHP9 - Security Issues March 12, 2012 01:12AM |
Registered: 12 years ago Posts: 73 Rating: 0 |
Re: PHP9 - Security Issues March 12, 2012 01:19AM |
Registered: 12 years ago Posts: 73 Rating: 0 |
Re: PHP9 - Security Issues March 12, 2012 01:03PM |
Registered: 12 years ago Posts: 11 Rating: 0 |
Re: PHP9 - Security Issues March 12, 2012 03:14PM |
Registered: 12 years ago Posts: 77 Rating: 0 |
Language: PHP
function unregisterGlobals() {
    if (ini_get('register_globals')) {
        $array = array('_SESSION', '_POST', '_GET', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
        foreach ($array as $value) {
            foreach ($GLOBALS[$value] as $key => $var) {
                // Unset the global only if it is the copy made from the superglobal
                if ($var === $GLOBALS[$key]) {
                    unset($GLOBALS[$key]);
                }
            }
        }
    }
}
Language: PHP
// Recursively remove slashes
function stripSlashesDeep($value) {
    $value = is_array($value) ? array_map('stripSlashesDeep', $value) : stripslashes($value);
    return $value;
}

// This caters for PHP 5. For PHP 4 use $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS
function removeMagicQuotes() {
    if (get_magic_quotes_gpc()) {
        $_GET = stripSlashesDeep($_GET);
        $_POST = stripSlashesDeep($_POST);
        $_COOKIE = stripSlashesDeep($_COOKIE);
    }
}
Re: PHP9 - Security Issues March 12, 2012 07:31PM |
Registered: 12 years ago Posts: 11 Rating: 0 |
Re: PHP9 - Security Issues March 13, 2012 09:06AM |
Registered: 12 years ago Posts: 31 Rating: 0 |
Re: PHP9 - Security Issues March 15, 2012 03:35PM |
Registered: 12 years ago Posts: 45 Rating: 0 |