By bloid
via thespanner.co.uk
Published: Jan 16 2008 / 05:27
Eric Butera emailed me with a very interesting topic about protecting against PHP_SELF exploits. I thought it might be a good idea to gather a few test cases demonstrating the problem. Why PHP allows these URLs is beyond me and it wouldn’t take much work to filter out these malicious URLs in the PHP code.
Comments
gromitt replied:
Since the release of PHP 5.1.2 (12-Jan-2006), the first exploit is avoided:
"Warning: Header may not contain more than a single header, new line detected."
Other "exploits" (which are in fact the repetition of the same "exploit") just show that you *HAVE* to filter/escape user inputs (PHP_SELF *IS* a user input), as everyone should always do, through, for example, htmlspecialchars() or htmlentities().
PHP should not be blamed if user data was not filtered.
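The escaping recommended in the comment above, shown as an added example that is not part of the original page, the linked article, or the commenter's post. The function names (`form_unescaped`, `form_escaped`, `form_script_name`) are hypothetical and the `$server` array is a constructed stand-in for `$_SERVER`.

```php
<?php
// Added example. PHP_SELF includes any extra path info the client appends
// after the script name, so it must be handled like any other request input.

/** Unsafe pattern: request-derived value placed into an attribute as-is. */
function form_unescaped(string $self): string
{
    return '<form method="post" action="' . $self . '">';
}

/** Hardened pattern: escape for the HTML attribute context before output. */
function form_escaped(string $self): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // byte sequences instead of returning an empty string.
    $safe = htmlspecialchars($self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

/** Alternative: SCRIPT_NAME carries no client-appended path info; still escaped on output. */
function form_script_name(array $server): string
{
    return form_escaped($server['SCRIPT_NAME'] ?? '');
}

// Constructed sample (assumption): what $_SERVER could contain when extra
// path text with a quote and angle brackets follows the script name.
// The markup is harmless and only marks where the attribute would end.
$server = [
    'SCRIPT_NAME' => '/form.php',
    'PHP_SELF'    => '/form.php/"><em>injected</em>',
];

// Unescaped: the quote in the path terminates the action attribute early.
echo form_unescaped($server['PHP_SELF']), "\n";

// Escaped: the same characters are emitted as HTML entities inside the attribute.
echo form_escaped($server['PHP_SELF']), "\n";

// SCRIPT_NAME: the appended path text is not part of the value at all.
echo form_script_name($server), "\n";
```

Run it with the PHP CLI and compare the three output lines; only the first lets the path text break out of the `action` attribute.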