-
21st May 2010, 09:37 AM #31 OP Member
Website's: litewarez.net litewarez.com triniwarez.com
XSS filtering is not easy to get perfect, but you can prevent a lot of attacks by attempting to convert the source value (search, comment) into its entities.
Usually when I build a system I will sanitize all input as standard!
For instance
PHP Code:
function sanitize($input)
{
    // Recurse into arrays so nested request data is covered as well
    if(is_array($input))
    {
        $temp = array();
        foreach($input as $k => $v)
        {
            $temp[$k] = sanitize($v);
        }
        return $temp;
    }
    // ENT_QUOTES converts both double and single quotes (the constant was misspelled ENT_QOUTES)
    return htmlentities($input,ENT_QUOTES);
}
$_GET = sanitize($_GET);
$_POST = sanitize($_POST);
$search = $_GET['search'];
So if you use $search in your template / HTML file it's pretty safe.
Also take note of Strip Tags and Filter Var in PHP.
Join Litewarez.net today and become a part of the community.
Unique | Clean | Advanced (All with you in mind)
Downloads | Webmasters
Notifications,Forum,Chat,Community all at Litewarez Webmasters
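Added example, not litewarez's code: the same recursive entity conversion with an explicit charset, used at output time in both element text and an attribute value, plus filter_var_array() for fields that have a known type. The $request array stands in for $_GET and is constructed for the demonstration; the field names and filters are assumptions.

```php
<?php
// Added example (not the poster's code): escape untrusted input for HTML
// output and validate typed fields with filter_var_array(). The sample
// request below is constructed for the demonstration.

/**
 * Recursively convert a scalar or nested array into HTML entities.
 * ENT_QUOTES escapes both " and ' so the value is safe inside double- or
 * single-quoted attributes as well as in element text; passing 'UTF-8'
 * avoids relying on the default charset of the PHP version in use.
 */
function escape_html($input)
{
    if (is_array($input)) {
        $out = array();
        foreach ($input as $k => $v) {
            $out[$k] = escape_html($v);
        }
        return $out;
    }
    return htmlentities((string) $input, ENT_QUOTES, 'UTF-8');
}

/**
 * Validate fields that have a known type before they are used.
 * Escaping makes a value safe to display; it does not make it a valid
 * integer, e-mail address or URL, so validation is a separate step.
 * Fields that fail a filter come back as false.
 */
function validate_typed(array $fields)
{
    return filter_var_array($fields, array(
        'page'  => array('filter'  => FILTER_VALIDATE_INT,
                         'options' => array('min_range' => 1)),
        'email' => FILTER_VALIDATE_EMAIL,
        'site'  => FILTER_VALIDATE_URL,
    ));
}

// Constructed sample request, in place of $_GET.
$request = array(
    'search' => '<b>shoes</b> "cheap" & \'fast\'',
    'page'   => '0',
    'email'  => 'not-an-address',
    'site'   => 'http://example.com/',
);

$safe  = escape_html($request);
$typed = validate_typed($request);

// Element text: the angle brackets and ampersand are entity-encoded.
echo '<p>Results for: ' . $safe['search'] . "</p>\n";
// Attribute value: both kinds of quote are encoded, so the input cannot
// close the attribute early.
echo '<input type="text" name="search" value="' . $safe['search'] . '">' . "\n";

// 'page' fails FILTER_VALIDATE_INT because 0 is below min_range,
// 'email' fails FILTER_VALIDATE_EMAIL, 'site' passes FILTER_VALIDATE_URL.
var_dump($typed['page'], $typed['email'], $typed['site']);
```

Escaping here happens when the value is written into the page rather than by overwriting $_GET, so the raw value stays available for validation or for storing unchanged in a database.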
-
21st May 2010, 09:49 AM #32 Member
litewarez, thanks for the code.
I just found this:
http://htmlpurifier.org/
Coding Horror Fan
I don't read PM's frequently .
-
27th May 2010, 10:46 PM #33 OP Member
Website's: litewarez.net litewarez.com triniwarez.com
I meant to mention that to you but I forgot to add it to the topic..
That piece of kit is really, really good and cuts out loads of possibilities, but it's very bulky for its single purpose.
-
4th Jul 2010, 11:31 PM #34
And what about null bytes?
http://php.net/manual/en/security.filesystem.nullbytes.php
Trusted: Dom, l0calh0st, 0ccul7, robert420
Find all threads started by NewEraCracker
-
10th Aug 2010, 06:14 PM #35 Respected Member
Thread unstuck, mainly due to inactivity and the fact that litewarez himself stickied this thread when he was moderator.
-
10th Aug 2010, 06:58 PM #36 Member
Website's: ExpresShare.com
I just wanted to talk about the PL1 fix for vBulletin 3.8.6.
You have to save this code in a file and upload it to your server (logging in as admin may be required, since I was logged in as admin when I tested it).
PHP Code:
<?php
require_once('global.php');
$db->query_write("DELETE from " . TABLE_PREFIX . "phrase WHERE varname = 'database_ingo'");
echo "successfully patched";
?>
That was the PL1 fix.
@NewEraCracker
For the null byte vuln you can use addslashes.
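Added example, not either poster's code: an explicit check for the null bytes NewEraCracker's php.net link is about, applied to a user-supplied file name before it reaches any filesystem function. addslashes() turns a NUL into the two characters backslash and 0, which is a string-quoting transformation, so this example tests for the raw byte instead and also refuses names that contain a directory separator. The safe_path() name, the temporary directory and the sample file names are assumptions constructed for the demonstration.

```php
<?php
// Added example (not the poster's code): a null-byte and path check to run
// on a user-supplied file name before any filesystem call. The directory
// and file names at the bottom are constructed for the demonstration.

/**
 * Return the absolute path of $name inside $base_dir, or null if the
 * name is unacceptable. The checks, in order:
 *  1. a NUL byte: the C library functions behind fopen() and friends
 *     treat NUL as end of string, so "report.txt\0.jpg" would name
 *     "report.txt" on disk even though the PHP string says otherwise;
 *  2. only a bare file name is allowed: no "/" or "\", no "." or "..",
 *     so the result cannot point outside $base_dir;
 *  3. $base_dir itself is canonicalised with realpath() and must exist.
 */
function safe_path($base_dir, $name)
{
    if (strpos($name, "\0") !== false) {
        return null;
    }
    if ($name === '' || $name === '.' || $name === '..'
        || strpbrk($name, "/\\") !== false) {
        return null;
    }
    $base = realpath($base_dir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    return $base . DIRECTORY_SEPARATOR . $name;
}

// Constructed inputs: one acceptable name and three that must be refused.
$uploads = sys_get_temp_dir();
$names = array(
    "report.txt",
    "report.txt\0.jpg",
    "../secret.txt",
    "sub/report.txt",
);

foreach ($names as $n) {
    $path = safe_path($uploads, $n);
    // addcslashes() renders the NUL as \000 so it is visible in the output
    printf("%-20s => %s\n", addcslashes($n, "\0"),
        $path === null ? 'rejected' : 'ok: ' . $path);
}
```

Only the first name is accepted; the other three are refused by checks 1 and 2 before realpath() or the filesystem is involved.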
-
18th Aug 2010, 03:57 PM #37
Thanks for the info
-
2nd Oct 2010, 01:32 PM #38 Member
Small sanitizing function:
PHP Code:
function sanitize($str)
{
    // Trim whitespace, remove markup, then lowercase
    return strtolower(strip_tags(trim($str)));
}
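Added example, not the poster's code: the same trim/strip_tags/strtolower chain run over a few constructed strings, to show what strip_tags() removes (markup) and what it leaves untouched (quotes and already-encoded entities), next to htmlspecialchars() on the same result. The clean_text() name and the sample strings are assumptions.

```php
<?php
// Added example (not the poster's code): what strip_tags() removes and what
// it keeps, next to entity escaping of the same value. Inputs are constructed.

function clean_text($str)
{
    // Same shape as the small sanitizing function in the post above.
    return strtolower(strip_tags(trim($str)));
}

$samples = array(
    // markup is removed, the text between the tags is kept
    '  <b>Hello</b> World  ',
    // there is no "<" here, so strip_tags() returns the string unchanged:
    // the quotes survive, and the value is still not safe to splice into
    // an attribute without escaping
    'red" class="wide',
    // already-encoded entities are left as they are (no decoding happens)
    '&lt;i&gt;literal&lt;/i&gt;',
);

foreach ($samples as $s) {
    $cleaned = clean_text($s);
    printf("%-30s -> strip_tags: %s\n", json_encode($s), json_encode($cleaned));
    printf("%-30s -> escaped:    %s\n", '',
        htmlspecialchars($cleaned, ENT_QUOTES, 'UTF-8'));
}

// An allowed-tags list keeps the whole tag, attributes included, so a kept
// tag is passed through exactly as the user wrote it.
echo strip_tags('<a href="/x" title="t">link</a>', '<a>'), "\n";
```

strip_tags() is a clean-up step for plain-text fields; the entity conversion from earlier in the thread is what makes a value safe to put into HTML, and the two do different jobs.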