Re: [PHP] Which file Included me?

2009-02-22 Thread RottenEye
But we could use rawurlencode($_SERVER['PHP_SELF']), no? João Michael A. Peters wrote: Nisse Engström wrote: On Wed, 18 Feb 2009 10:37:53 -0800, Michael A. Peters wrote: http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input

Re: [PHP] Which file Included me?

2009-02-19 Thread Nisse Engström
On Wed, 18 Feb 2009 10:37:53 -0800, Michael A. Peters wrote: http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input as well (don't trust that is clean) Amazing! Not once did they mention htmlspecialchars(). /Nisse -- PHP

Re: [PHP] Which file Included me?

2009-02-19 Thread Michael A. Peters
Nisse Engström wrote: On Wed, 18 Feb 2009 10:37:53 -0800, Michael A. Peters wrote: http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input as well (don't trust that is clean) Amazing! Not once did they mention

[PHP] Which file Included me?

2009-02-18 Thread Ed Curtis
Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also needs to include some javascript only if it's called from a certain URL.

Re: [PHP] Which file Included me?

2009-02-18 Thread APseudoUtopia
On Wed, Feb 18, 2009 at 1:16 PM, Ed Curtis e_cur...@homes2see.com wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also

Re: [PHP] Which file Included me?

2009-02-18 Thread Sudheer
Ed Curtis wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also needs to include some javascript only if it's called from

Re: [PHP] Which file Included me?

2009-02-18 Thread Robert Cummings
On Wed, 2009-02-18 at 23:57 +0530, Sudheer wrote: Ed Curtis wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also

Re: [PHP] Which file Included me?

2009-02-18 Thread Michael A. Peters
Ed Curtis wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also needs to include some javascript only if it's called from

Re: [PHP] Which file Included me?

2009-02-18 Thread Michael A. Peters
Ed Curtis wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also needs to include some javascript only if it's called from

Re: [PHP] Which file Included me?

2009-02-18 Thread Shawn McKenzie
Michael A. Peters wrote: Ed Curtis wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every page of a site but also needs to include some javascript

Re: [PHP] Which file Included me?

2009-02-18 Thread Sudheer
Robert Cummings wrote: On Wed, 2009-02-18 at 23:57 +0530, Sudheer wrote: Ed Curtis wrote: Is there a function or variable that will tell me if a file has asked another file to include something much the same as $_SERVER['HTTP_REFERER'] works. I have a script that is included on every

Re: [PHP] Which file Included me?

2009-02-18 Thread Dotan Cohen
http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input as well (don't trust that is clean) I do not understand the exploit. How is he spoofing any $_SERVER variables? The attack description doesn't make sense. -- Dotan Cohen

Re: [PHP] Which file Included me?

2009-02-18 Thread Michael A. Peters
Dotan Cohen wrote: http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input as well (don't trust that is clean) I do not understand the exploit. How is he spoofing any $_SERVER variables? The attack description doesn't make sense.

Re: [PHP] Which file Included me?

2009-02-18 Thread Shawn McKenzie
Dotan Cohen wrote: http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input as well (don't trust that is clean) I do not understand the exploit. How is he spoofing any $_SERVER variables? The attack description doesn't make

Re: [PHP] Which file Included me?

2009-02-18 Thread Shawn McKenzie
Michael A. Peters wrote: Dotan Cohen wrote: http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input as well (don't trust that is clean) I do not understand the exploit. How is he spoofing any $_SERVER variables? The attack

Re: [PHP] Which file Included me?

2009-02-18 Thread Dotan Cohen
Did you actually try his example? No, I could not understand it. Now I see why: 1) Where would the experienced hacker enter the attack? Now I see that it is the URL of the attacked site. That was not clear, I thought that it was being entered into some form element that I did not see in the code.